HKCERT Security Alert: Locky Ransomware in the Wild
[Press released on 18 Mar 2016]
The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) of the Hong Kong Productivity Council today (18 March 2016) alerted the public to be vigilant to the Locky ransomware attacks that hold data hostage and demand ransom from the victim.
The alert came as HKCERT recorded a sudden surge in the number of incidents in the past few days. Since mid-February, HKCERT has received 18 reports of Locky ransomware, 15 of which were received from 16 to 18 March. The victims included local SMEs and non-Government organizations. HKCERT expects many unreported cases to come as the ransomware is spreading quickly around the world.
HKCERT notes that Locky-encrypted files on the victims’ computers have a “.locky” file extension. Victims are pressured to pay the ransom in bitcoins to get the decryption key, but there is no guarantee they can obtain the key to recover their data.
On the other hand, a website injected with the malicious code will redirect visitors to an exploit website which hosts the attack code. The latter then exploits security vulnerabilities in the user’s computer system and applications to install the Locky ransomware. The malicious code usually targets Internet Explorer users.
To protect data from ransomware attacks, HKCERT advises Internet users to back up data regularly and keep an offline copy of the backup, keep security software updated, and patch the system and other software. The macro feature of Microsoft Office should be turned off, and only re-enabled temporarily when necessary and under secure conditions. In addition, users are advised to delete any suspicious emails received.
For incident reporting or enquiries, please contact the HKCERT hotline at tel: (852) 8105 6060, or email: [email protected].