Skip to main content
  1. Home
  2. Computing
  3. News

‘Locky’ ransomware harnesses the power of Microsoft Word to trick you into paying

By

A person using a laptop that displays various Microsoft Office apps.
Shutterstock
Ransomware is a form of malware that’s more annoying than usual both because it revokes access to your computer, and because it then has the nerve to charge you money in order to reverse the lockout. A new type of ransomware, called Locky, appears to deceive users by taking after banking software Dridex.

In a typical Locky attack, victims are emailed a Microsoft Word document disguised as an invoice that requires that a macro app be executed from within the word processor. By default, macros are disabled by Microsoft. If you happen to have enabled them yourself, though, a macro will open from within Word and download Locky to your computer, explained Palo Alto Networks in a blog post earlier this week.

Recommended Videos

Because of the similarity to a process used by Dridex, many reports are assuming that the developer behind Locky bears some affiliation with the banking software developer “due to similar styles of distribution, overlapping file names, and an absence of campaigns from this particularly aggressive affiliate coinciding with the initial emergence of Locky,” Palo Alto stated.

Related

The way ransomware works is that files on the computer are usually encrypted at the user’s expense, literally, as the malicious software will take control of your personal data and then charge a fee for you to regain access.

It appears the coders behind Locky were planning an attack on a colossal scale. In fact, Palo Alto Networks claims to have uncovered 400,000 sessions that take advantage of the Bartallex macro application used by the ransomware in question.

Unlike other ransomware, Locky’s command-and-control infrastructure tries to employ a key exchange in memory prior to file encryption. Notably, PC World states that this could serve as a weak point for the ransomware.

“This is interesting, as most ransomware generates a random encryption key locally on the victim host and then transmits an encrypted copy to attacker infrastructure,” Palo Alto’s post explains. “This also presents an actionable strategy for mitigating this generation of Locky by disrupting associated” command-and-control networks.

Kevin Beaumont, who wrote a Medium post about the ransomware, points out that files affected by a Locky attack are, quite logically, labeled with a “.locky” extension.

Beaumont adds that for those users affected by Locky within an organization, “You will likely have to rebuild their PC from scratch.

Editors’ Recommendations

Topics
Gabe Carey
Gabe Carey
Former Digital Trends Contributor
A freelancer for Digital Trends, Gabe Carey has been covering the intersection of video games and technology since he was 16…
5 Microsoft Word tricks that revolutionized my workflow
Word on a laptop showing clipboard, screenshot, and random text.

Microsoft Word is an important part of many of our daily work lives, but that doesn't mean we're always using it for all it's worth. Over time, Microsoft has added new features that make Word more robust, but you don’t always have insight into new features or even those useful hidden tools.

To improve your workflow when using Microsoft Word, here are five tricks that dramatically improved my own time with the application. Over the years, these have saved me time, reduced the risk of errors, and enhanced my efficiency at using Word.
Track only your changes

Read more
Microsoft recommends you turn on this important Windows 11 security feature
microsoft defender ccleaner unwanted application windows

Ransomware is an ever-increasing threat, and that's why Microsoft is strongly recommending you turn on its new security feature in Windows 11. As TechRadar reports, the tech giant is encouraging users to activate Tamper Protection in Microsoft Defender.

Tamper Protection has a number of features designed to protect you from ransomware, and it all comes for free as part of Windows 11.

Read more
6 things you didn’t know you could do in Microsoft Word
A person using MS Word.

The first thing you fire up when you have a research paper, resume, or another important document to type up is likely Microsoft Word. There are lots of great things you can do with it, but there are also some secrets in Word that might surprise you.

Here are six things you didn't know you could do in Microsoft Word. We'll touch all the bases, including voice dictation, cropping images, and much more.
Voice dictation

Read more