18. October 2016

New version of Locky ransomware in circulation again

G DATA security experts analyse extortion Trojan.

Extortion Trojan Locky caused a sensation among computer users and in the media some eight months ago. Now a new development of the malware is being distributed again. The files it encrypts are given the file ending .ODIN. Malware analysts at G DATA have examined the ransomware more closely and present their results in the SecurityBlog. Users of current G DATA security solutions are protected: the malware investigated is known as Script.Trojan-Downloader.Locky.CQ or Win32.Trojan-Ransom.Locky.CQ.

How can I protect myself?

  • The best protection against ransomware is to perform regular backups. Those must be stored on a medium separate from the system. If you run a backup to an external hard disk, remove it after the backup and ensure that this storage medium is offline unless it is needed. With regular backups you can ensure that you do not lose any data in the event of an actual ransomware infection and can easily restore your system. When doing so, make sure to use a secure medium such as a CD that cannot also become infected.
  • An infection can also be prevented if the user does not log in with his admin account at all times, but sets up a guest account instead. As this account has fewer rights, ransomware cannot penetrate as deeply into the system and, ideally, will not cause any damage.
  • In addition to this, regular updates your operating system should be performed. In this way you can close security holes. The same applies to your browser and any other software installed on your system.
  • Browser protection is also useful for protecting you from dangerous scripts and from accidentally downloading malware.
  • Bogus and fraudulent emails can be made secure while still in your inbox via special security software. That way, such emails are no longer a problem. Antivirus software also detects malware such as Trojans and deletes it.

Media:

Files: