A new type of Bitcoin ransomware seems to be making the rounds, as various institutes in Germany and Australia have been affected by this malicious piece of software. As is the case with any form of Bitcoin ransomware, the only way to solve the Locky problem is by paying a sum in BTC. That is unless companies have a backup they can revert to.
Locky Ransomware Attacks Major Institutions
There have been various types of Bitcoin ransomware plaguing individual users and companies throughout 2015. Some of the more popular versions are CryptoLocker and CTB-Locker, both of which use the same modus operandi by decrypting a lot of files on the host computer and demanding money to return access to the user.
Locky is a new variant of this Bitcoin malware, which seems to be deliberately targeting major institutions all over the world. By locking important files belong to these establishments and corporations, the hackers are increasing their chances of receiving the money. Needless to say, this is extortion in its purest form, although paying is the fastest option of getting rid of this ransomware.
The way Locky spreads itself is through Word and Excel files, both of which are very common file types in any organization or institution. But there is more to Locky than just opening a malicious file, as the ransomware executives a specific macro to install itself on a host computer.
Keeping in mind how the usage of macros in both Excel and Word is turned off by default, it is up to the end user to click “Yes” when the popup to enable macros comes up. However, such a message is not malicious per se, as there are a lot of people who use macros for these file types.
Once installed and activated, Locky will then start encrypting essential files on both the host computer, as well as any network disks or servers. The only way to get rid of this malware – other than restoring a backup – is by paying the ransom in Bitcoin, which currently sits at 0.5 BTC [slightly over US$208]per infection
What is a serious concern is how none of the antivirus tools available today can detect Locky, rendering machines all over the world completely vulnerable to ransomware attacks. Most of these attacks seem to target European institutions, as the software has been translated into many different languages to get the message across.
Source: Tweakers (Dutch)
If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.