Cryptolocker ‘Locky’ – The Layer3 Defence

It’s that time again. Time for another round of Cryptolockers.

This time ‘Locky’.

If you don’t already know, a Cryptolocker is a virus that infects your computer through social engineering, such as a fake invoice sent by email or an email asking you to visit a suspect website.

Cryptolockers were initially very hard to combat. Many antivirus vendors have failed to pick up new variants of Cryptolockers. This detection gap comes from the way traditional antivirus software works.

Most antivirus software over the last decade has worked from definition files. These definition files are usually released daily for most home-user antivirus software, and hourly for business users. The problem with this approach is that detection is limited to the set of virus-like patterns contained in the definition file. If something new comes along, the antivirus software will not detect it unless it has other capabilities such as behavioral analysis.
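To illustrate the difference described above, here is an added example (not part of the original post, and not how any particular antivirus product works) that contrasts a definition-style hash lookup with a simple behavioral heuristic: many files rewritten in a short window with a sharp rise in byte entropy. The process names, paths, thresholds and sample bytes are all constructed assumptions.

```python
import hashlib, math
from collections import Counter

# Constructed "definition file": SHA-256 of a sample the vendor has already seen.
KNOWN_BAD = {hashlib.sha256(b"constructed-known-sample-v1").hexdigest()}

def signature_match(sample: bytes) -> bool:
    """Definition-style check: only byte-identical known samples are flagged."""
    return hashlib.sha256(sample).hexdigest() in KNOWN_BAD

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted data approaches 8.0, plain text is much lower."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def behaviour_alert(events, window=10.0, min_files=5, entropy_jump=3.0):
    """Flag processes that rewrite >= min_files distinct files within `window`
    seconds, where each rewrite raises entropy by >= entropy_jump bits/byte."""
    suspicious = {}
    for ts, proc, path, before, after in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(after) - shannon_entropy(before) >= entropy_jump:
            suspicious.setdefault(proc, []).append((ts, path))
    flagged = set()
    for proc, writes in suspicious.items():
        for start, _ in writes:
            in_window = {p for t, p in writes if 0 <= t - start <= window}
            if len(in_window) >= min_files:
                flagged.add(proc)
                break
    return flagged

# Constructed sample data (hypothetical process names and paths).
PLAIN = b"Invoice total: 100.00\n" * 50
CIPHER_LIKE = bytes(range(256)) * 4      # stand-in for ciphertext: uniform bytes
EVENTS = [(0.5 * i, "unknown.exe", rf"\\fileserver\share\doc{i}.docx", PLAIN, CIPHER_LIKE)
          for i in range(6)]
EVENTS.append((1.0, "winword.exe", r"C:\Users\a\report.docx", PLAIN, PLAIN + b"edit\n"))

if __name__ == "__main__":
    print("known sample matched: ", signature_match(b"constructed-known-sample-v1"))
    print("new variant matched:  ", signature_match(b"constructed-new-variant-v2"))
    print("behaviour alert:      ", behaviour_alert(EVENTS))
```

The hash lookup misses the second sample because its bytes differ from anything in the definition set, while the heuristic flags the process regardless of what the binary looks like.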

Locky is usually distributed as an email attachment, usually an invoice. When opened, this invoice will ask you to enable macros. This is how the virus executes malicious code on your computer. This Cryptolocker is a problem because:

  • It encrypts all files (documents/media) on your computer
  • It encrypts all files on mapped network drives
  • It encrypts all files on unmapped network drives

The biggest problem is that it encrypts files on unmapped network drives. This means that the Locky virus scans the network for network shares which it can access and infect, even if the user is not actually using them.

Customers on a Layer3 agreement are protected by our Managed Antivirus solution, which is installed on your workstations, laptops, and servers. This antivirus contains advanced scanning features such as behavioral analysis, which detects activity on the computer that is not normal. Behavioral analysis helps greatly in detecting Cryptolocker viruses.

Many customers also have our Premium Spam Filtering and Umbrella Web Filtering services which mitigate the risk. If you don’t have these services, please get in touch.

Be assured, if you are a Layer3 customer on a Managed Services Agreement, you will be protected from this latest Cryptolocker.

If you do have any concerns, please email our support staff at info@layer3.nz
