Ransomware attacks turned out to be the biggest digital threat of 2016. It was so rampant that the FBI estimates victims paid nearly $1 billion in ransom last year. Yikes!
One of the most horrifying and successful ransomware campaigns has been Locky. Surprisingly, Locky has been relatively non-existent this year. Until now.
Why Locky ransomware is scarier than ever
We recently told you that Cerber has taken over as the ransomware king.Â One reason Cerber is spreading at such a fast rateÂ is the fact that it's ransomware-as-a-service (RaaS). RaaS is a user-friendly type of ransomware that can be deployed by anyone, even if they have very little technical ability.
Locky has made a critical change in how it is distributed, making it harder to detect. The scammers behind Locky are now sending phishing emails to their targeted victims, hoping to trick them into clicking on a malicious PDF. Over 35,000 of these malicious emails were recently sent out in just over a few hours.
The phishing email purports to be a receipt for a recent payment you made of some sort. To see the receipt, you're instructed to open a PDF document.
Warning, do not open the PDF, it's a scam!
Once the PDF is opened, you'reÂ asked to give the PDF reader permission to open another file. The second file is actually a Word document that requestsÂ permission to run macros. If you give permission to run Macros, Locky ransomware is downloaded and encrypts your gadgets' data.
The scammer will then demand a ransom to be paid to regainÂ access to the gadget. The demanded payment is currently 1 Bitcoin, which is approximately $1,250 U.S. dollars.
How to protect against Locky ransomware
This new version of Locky ransomware is more devious than ever. Since it incorporates a phishing scam to infect your gadget with ransomware, you need to know how to prevent both types of attacks. Let's start with phishing:
- Be cautious with links - If you get an email or notification that you find suspicious, don't click on its links. It's better to type the website's address directly into a browser. Before you ever click on a link, hover over it with your mouse to see where it is going to take you. If the destination isn't what the link claims, do not click on it.
- Do NOT enable macros - You should never download Word or Excel files attached to unsolicited emails to begin with. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
- Do an online search - If you get a notification about something that seems shady, do an online search on the topic. If it's a scam, there are probably people online complaining about it and you can find more information.
- Watch for typos - Phishing scams are infamous for having typos. If you receive an email or notification fromÂ a reputable company, it should not contain typos. Typically, there are signs that give away the fact that an email is fake. Can you spot one? Take our phishing IQ test to find out.
- Use multi-level authentication - When available, you should be using multi-level authentication. This is when you have at least two forms of verification, such as a password and a security question before you log into any sensitive accounts. Click here to learn more about two-factor authentication.
Obviously, not having your gadget infected with ransomware would be ideal. Read these tips on boosting your safety online to help.
Since ransomware attacks exploded in 2016, the U.S. government is trying to help prevent them. Here are some tips from the FBI on handling ransomware attacks:
- Back up data regularlyÂ - this could be the best way to recover your critical data if you are infected.
- Make sure your backups are secure - do not connect your backups to computers or networks that they are backing up.
- Never open risky links in emails - don't open attachments from unsolicited emails.
- Download only trusted software - make sure the software you download comes from trusted sites.
- Have strong security software - This will help prevent the installation of ransomware on your gadget.
Backing up your critical data is an important safety precaution in the fight against ransomware. We recommend using our sponsor, IDrive. You can backup all your PCs, Macs and mobile devices into ONE account for one low cost! Click here to receive a special discount of 50 percent.
Listen to our podcast for more helpful protection ideas: