2019 State of Email Security Report
Actionable steps to improve your organization’s email security and cyber resilience.
Stop Locky ransomware with Mimecast
Locky ransomware is a new strain of ransom virus – a piece of malware that encrypts files on your hard drive and requires you to pay a fee to decrypt the files. Locky usually arrives as an email with an attachment that looks like gobbledygook. A message in the document advises you to enable macros if the file appears unreadable. If you do so, the macro runs code that saves the Locky ransomware to your drive and encrypts files that may include Office files, videos and images. To get your files back, the Locky ransomware file advises you to go to a page on the dark web where you'll receive instructions for making payment.
The impact of a Locky ransomware attack can be serious. The virus may encrypt any file in any directory on any drive it can access, including servers and other computers. If you are a domain administrator, the Locky ransomware virus can wreak havoc across your entire system.
To protect against ransomware like Locky, you need technology that combines state-of-the-art threat intelligence with user education and tools to block access to malicious links and attachments. That's exactly what you'll find with Mimecast.
Mimecast offers SaaS-based solutions for email security, archiving and continuity that can detect ransomware and other email-borne attacks and prevent users from inadvertently launching them.
Mimecast's anti ransomware technology is available as a subscription service, enabling you to quickly implement defenses against Locky ransomware. As an all-in-one service, Mimecast also provides protection against a broad range of other threats, including viruses, malware, phishing, spear-phishing and impersonation fraud.
To help you avoid ransomware attacks, Mimecast Targeted Threat Protection includes services to block access to URLs and attachments that may contain Locky ransomware or other viruses. Mimecast scans the URLs in every incoming and archived email, blocking access to websites that may be malicious. Suspicious attachments may be sandboxed until they are deemed safe, or rewritten to a safe format and delivered immediately to users. Mimecast also offers end-user awareness tools that train employees to spot signs of Locky ransomware and other advanced threats.
Mimecast helps to recover from a Locky ransomware attack quickly by providing a multipurpose cloud archive for off-site storage of email, files and IM conversations. With the ability to roll back versions of files to a point before the attack was launched, Mimecast neutralizes the impact of a Locky ransomware attack and speeds recovery efforts after an attack. Mimecast continuity services also enable users to continue using email during an outage caused by disaster, hardware failure, human error or an attack.
Learn more about avoiding Locky ransomware with Mimecast.
What is Locky ransomware?
Locky ransomware is one of the most dangerous types of ransomware – a form of cyberattack that uses malware to restrict access to a computer system or the files on it until a ransom is paid. First launched in 2016, Locky ransomware has sophisticated features that include a domain generation algorithm and server-side encryption that makes decryption almost impossible without paying the ransom to acquire a decryption key.
How does Locky ransomware work?
Users typically encounter Locky ransomware as a fake invoice attached to an email – usually a .doc file with an embedded script that gets executed when Word macros are enabled. If a user opens the attachment, they’ll see a garbled message with instructions to enable macros in order to see the message clearly. If the user takes this action, the Locky ransomware software is downloaded to the user’s computer, where it encrypts files with a new extension and issues a demand for payment on a ransom screen.
Currently there are no tools for decrypting Locky ransomware, as the technology behind this malware is among the most sophisticated of ransomware variants.
How to avoid Locky ransomware attacks?
The best way to protect your organization from the devastating effects of a Locky ransomware attack is to prevent the malware from entering your system in the first place. A broad approach to security is usually best. This should include anti-malware and antispam technology – these solutions can identify and stop phishing email and ransomware attacks that are already known and catalogued. To block new strains of ransomware, you’ll need a secure email gateway with capabilities for inspecting email headers and content and for deleting or quarantining any messages that show signs of phishing attempts or social engineering techniques. To address potential sender spoofing, you can use DNS authentication services that determine whether a sender’s address is legitimate using DMARC, SPF and DKIM protocols. And for additional protection, you can deploy advanced solutions that scan all email for dangerous links and attachments and block users from accessing them.
How to remove Locky ransomware?
Locky ransomware can be removed from computers using a number of third-party tools for deleting the code, but the only solution for regaining access to data (other than paying the ransom, which is discouraged by federal authorities) is to restore data from backup.
How to mitigate the damage of Locky ransomware?
Unfortunately, ransomware defenses may not stop every threat every time, so having a plan for dealing with a successful attack is critical to minimizing the damage from Locky ransomware and other threats.