VietNamNet Bridge - ‘Locky’, a new virus that encrypts victims’ files and demands ransom for decryption, has been spreading at an alarming rate, according to FPT, Vietnam’s largest information technology group.

{keywords}

FPT has given warnings about the presence of new ransomware virus on chungta.vn. The virus has spread very rapidly via email. 

An email from a strange address attached with ‘.doc’ file is sent to users. When users open the attached file and choose ‘enable macro’, a virus is downloaded and activated on users’ computers. 

It encrypts data on computers and make it unusable. In many cases, all the data on computers is deleted. After that, hackers ask the victims to pay ransom to get back the encrypted data.

When computers get infected with ‘Locky’, a notice will be shown on screen “All of your files are encrypted with RSA 2048 and AES 128 ciphers”, and users cannot open their files.

When computers get infected with ‘Locky’, a notice will be shown on screen “All of your files are encrypted with RSA 2048 and AES 128 ciphers”, and users cannot open their files.

According to FPT, the anti-virus software now available in the market cannot find the virus to prevent and kill it. Locky has many different variants and there is no tool to restore data.

Prior to that, in mid-February 2016, Securitydaily.net also gave warnings about the dangerous virus. 

If someone discovers a ‘.locky’ extension on its system, he will have two choices – either to reset his system, or pay ransom.

According to Securitydaily.net, Locky ransomware has spread at the rate of 4,000 infects per hour, or 100,000 infects per day.

Tran Quang Chien, director of VNIST Corporation which runs Securitydaily.net, said Locky is a dangerous ransomware virus.

Like CTBLocker, Critroni and Onion, the viruses can encrypt all important files on victims’ computers and users will have to pay for decryption. 

However, Locky is even more dangerous because it affects computers by embedding malware into macro of word files, which may be beyond users’ vigilance.

A security expert said in order to prevent the virus, it would be better for users not to open the files they receive from the internet, including Word, Excel, PowerPoint, .exe files directly on computers, if they are not sure about their origin.

Computer users have been advised to check their computers and use the services to scan vulnerabilities in their computers which hackers may exploit to spread malware, and if they find problems, they need to fix them immediately.

In case they discover malware, they need to isolate the computers and not use the computers until the problems are fixed by professionals.

Regarding the ransomware virus, VNCERT warned on Information Security Day that viruses of this type were on the rise and it would be a growing tendency in 2016.


Buu Dien