“Locky” Trojan

This is a new twist on an old and very nasty Trojan, and one which can potentially cause you to lose the contents of your PC or laptop without hope of recovery.

It starts with an email which has a Microsoft Word document attached. The email title usually mentions an invoice or a document, and you may or may not know the sender. When you open the document, the Trojan downloads and starts to encrypt the files on your computer. It changes the file name to an incomprehensible string of letters and numbers, and then changes the file extension to .locky. All of the files in your computer will eventually be encrypted in this manner.

The Trojan also adds a file called “help” to every folder it encrypts. This contains instructions to visit a website via a given link, and pay a ransom (usually 1/2 a Bitcoin, at present around £350.00) to obtain an unencryption key for your data. In our experience this is not forthcoming on payment of the ransom, and you are then out of pocket as well as having no data.

There is no solution to this Trojan once it is in your system except a total, very careful wipe of the hard disk and a reload of the Windows system. Any data which has been encrypted is lost.

A defence against it is to keep at least one copy of anything important to you on a seperate physical medium, such as an external hard disk drive or USb flash drive, and to disconnect this from your PC or laptop when you aren’t using it. Any drives attached or network shares are vunerable to attack.

If you do see your files becoming encrypted, turn the computer off at once. Do not switch it back on until you have brought it to us for remedial action. The faster we get it, the more of your files we can save.

Comments are closed.