Beware of Locky Ransomware Emails

Robert Valcourt
Apr 01, 2016

Like we don't already have enough issues in our day-to-day life: the falling dollar, ISIS, Donald Trump, and now yet another email security problem. I am of course talking about Locky Ransomware.

You have likely already noticed an increase in strange messages in your inbox (if not, you're one of the lucky ones). These messages appear to be from yourself and contain an attachment. These are Locky Ransomware or Dridex banking Trojan emails.

You might be thinking that your PC is infected, or maybe your mobile device, but this is not (likely) the case. The source of these emails is not entirely known (at this time). The attackers use email addresses and subjects that will entice a user to open the email and extract the attachment. Small and medium-size businesses are being attacked more than private users, with the hope of getting a better response.

Telltale Signs of a Locky Ransomware Email

  • From: your own email address
  • Subject: Document1 *
  • Attachment: *
  • Body content: totally blank
  • Screenshot: None

* The attachment filename and message subject can vary. Numbers from 1 to 99 with the zip attachment matching the subject number, e.g.,

What you Should and Should Not Do

The emails and attachments are not harmful just sitting in your inbox. You SHOULD delete these emails right away. You may also consider creating message rules within your email software to watch for messages that are:

  • from yourself
  • contain attachments
  • have a blank body area

Have the rule delete the messages for you, so you don't have to deal with them. Please remember that this is not a fool-proof way to deal with these messages. At any time the attackers may change their tactics, invalidating these rules.
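The three-condition rule above, written out as an added example (not part of the original post): a Python function, standard library only, that checks a raw message against all three conditions. The address me@example.com and the sample messages are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr


def matches_rule(raw_message: str, my_address: str) -> bool:
    """Return True only when all three conditions of the rule hold."""
    msg = message_from_string(raw_message, policy=policy.default)

    # Condition 1: the From header claims to be the mailbox owner.
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    from_self = sender == my_address.lower()

    # Condition 2: the message carries at least one attachment.
    has_attachment = msg.is_attachment() or any(True for _ in msg.iter_attachments())

    # Condition 3: the body is blank (no text part, or whitespace only).
    body = msg.get_body(preferencelist=("plain", "html"))
    blank_body = body is None or not body.get_content().strip()

    return from_self and has_attachment and blank_body


def sample_message(sender: str, body: str) -> str:
    """Constructed test message: one text part plus one zip attachment."""
    return (
        f"From: {sender}\n"
        "To: me@example.com\n"
        "Subject: Document1\n"
        "MIME-Version: 1.0\n"
        'Content-Type: multipart/mixed; boundary="b1"\n'
        "\n"
        "--b1\n"
        "Content-Type: text/plain\n"
        "\n"
        f"{body}\n"
        "--b1\n"
        "Content-Type: application/zip\n"
        'Content-Disposition: attachment; filename="constructed.zip"\n'
        "Content-Transfer-Encoding: base64\n"
        "\n"
        "AAAA\n"  # placeholder payload, not a real archive
        "--b1--\n"
    )


if __name__ == "__main__":
    print(matches_rule(sample_message("me@example.com", ""), "me@example.com"))
```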

You SHOULD NOT extract the attachment or, worse, open the extracted file. Do not forward these messages to your family, friends or colleagues asking them "what's this all about?".

What Will Happen if the Attachment is Opened?

Trust me; you don't want to know … but if you really do, head on over to Wikipedia to learn more about ransomware. Also, learn what it cost Presbyterian Medical Center.
