[bestbits] RANSOMWARE BY NAME LOCKY.

bzs at theworld.com bzs at theworld.com
Thu Mar 24 15:29:22 EDT 2016


This is one reason why I:

1. Do regular backups to an external drive

2. Keep all documents of interest under a single directory (and
subdirectories under that) so I can periodically sweep them to a cheap
thumb drive or DVD or another server with a single command or
two. Copying important files to your phone should be easy also, with
potential security issues noted (I encrypt anything sensitive.)

3. And I don't use mail programs on my Windows system. That's
admittedly weaker and might run into policy problems for many, but it
helps! There are other entry points for miscreants, of course.

4. Keep my Windows recovery disk current and a copy of the system
installation disks nearby. Again, possibly a policy issue.

On March 24, 2016 at 08:52 wisdom.dk at gmail.com (Wisdom Donkor) wrote:
 > Dear All,
 > 
 > Yesterday at 2:38pm an employee in one of the organisations in Ghana was
 > attacked by ransomware by the name Locky. This ransomware was sent in an email
 > with an attachment; the attachment contained an MS Word document with a
 > malicious macro. The Locky program was activated when the user clicked "enable
 > editing" after the document was opened. This macro began an encryption
 > process using RSA-2048 and AES-128 algorithms; the encryption process
 > targeted the following file extensions: *.docx;*.pdf;*.pptx;*.xlsx;*.doc
 > 
 > Yesterday three US hospitals were hit by "Locky" as well. The IT systems of
 > Kentucky Methodist Hospital, Chino Valley Medical Center and Desert Valley
 > Hospital, California, were infected with this ransomware.
 > The files cannot be recovered unless the victim has an offline backup to
 > recover from or pays a ransom with bitcoins via the dark web; the attackers
 > promise to send the private key in a compiled program to decrypt the victim's
 > files after they receive payment.
 > System Restore cannot restore files, just settings, so it will not help in this
 > case.
 > 
 > Third-party recovery software cannot recover the encrypted files because the
 > files are not considered deleted. The previous ransomware by the name
 > "CryptoLocker" did not rename the files it encrypted, so it was possible to
 > recover your files by using the Windows "previous versions" feature; however,
 > "Locky" renames all the files it encrypts so that Windows cannot index the
 > files' shadow copies to recover them.
 > 
 > CERT-GHANA recommends that all users open email attachments with caution,
 > especially executable files.
 > 
 > Cheers,
 > 
 > WISDOM DONKOR (S/N Eng.)
 > ICANN Fellow / ISOC Member, IGF Member, Diplo Foundation
 > OGP Working Group Member, Africa OD Working Group Member
 > E-government and Open Government Data Platforms Specialist
 > National Information Technology Agency (NITA) 
 > Ghana Open Data Initiative (GODI)
 > Post Office Box CT. 2439, Cantonments, Accra, Ghana
 > Tel: +233 20 812881
 > Email: wisdom_dk at hotmail.com
 > wisdom.donkor at data.gov.gh
 > wisdom.dk at gmail.com
 > Skype: wisdom_dk
 > facebook: facebook at wisdom_dk
 > Website: www.nita.gov.gh / www.data.gov.gh
 > www.isoc.gh / www.itag.org.gh
 > 
 > [DELETED ATTACHMENT ransom.jpg, JPEG image]

-- 
        -Barry Shein

Software Tool & Die    | bzs at TheWorld.com             | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD       | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*
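The "single command or two" sweep in item 2, written out as an added example (this is not Barry's own script). It copies one documents tree into a timestamped snapshot on a removable drive, writes a SHA-256 manifest beside it, and can later both verify the snapshot and count how many source files differ from it. The directory names are constructed for the demo; `sha256sum` (or `shasum` on macOS) and `tar` are assumed to be on the PATH.

```shell
#!/bin/sh
# Added example, not from the original post: sweep a single documents tree to
# a thumb drive as dated snapshots with a checksum manifest.
set -eu

# Use sha256sum where present, shasum -a 256 otherwise (both print "hash  path").
hash_cmd() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$@"
    else
        shasum -a 256 "$@"
    fi
}

# sweep_docs SRC DEST: copy SRC into DEST/docs-<utc stamp>/ and write a
# manifest of file hashes. Prints the snapshot path.
# Each sweep is a new directory, so an encrypted tree never overwrites
# the previous good copy.
sweep_docs() {
    src=$1
    dest=$2
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    snap="$dest/docs-$stamp"
    mkdir -p "$snap"
    # tar keeps subdirectories and permissions; no rsync dependency
    (cd "$src" && tar cf - .) | (cd "$snap" && tar xf -)
    (cd "$snap" && find . -type f ! -name MANIFEST.sha256 -print | sort |
        while read -r f; do hash_cmd "$f"; done) > "$snap/MANIFEST.sha256"
    printf '%s\n' "$snap"
}

# verify_snapshot SNAP: exit 0 if every file still matches the manifest.
verify_snapshot() {
    (cd "$1" && hash_cmd -c MANIFEST.sha256 >/dev/null 2>&1)
}

# changed_since SRC SNAP: print how many manifest files are now missing or
# altered in SRC. A sudden jump (most files changed since last sweep) is
# the ransomware signature; a sweep script can refuse to prune old
# snapshots when it sees one.
changed_since() {
    src=$1
    snap=$2
    changed=0
    while read -r want path; do
        if [ ! -f "$src/$path" ]; then
            changed=$((changed + 1))
        else
            have=$(cd "$src" && hash_cmd "$path" | cut -d' ' -f1)
            [ "$have" = "$want" ] || changed=$((changed + 1))
        fi
    done < "$snap/MANIFEST.sha256"
    printf '%s\n' "$changed"
}
```

Run it as `sweep_docs "$HOME/Documents" /media/usb` from cron or by hand, and keep the drive unplugged between sweeps; the manifest is what lets you tell a good snapshot from one taken after the files were already encrypted.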
