Friday, February 19, 2016

Locky: 17000 Windows computers infected every day in Germany – SPIEGEL ONLINE

In just the past 24 hours, the Trojan “Locky” has infected about 17,000 computers in Germany. The British IT expert Kevin Beaumont told SPIEGEL ONLINE this on Friday afternoon. The effects of “Locky” in Germany were enormous, he wrote in a statement.

This makes Germany by far the most affected country. In the US, almost 11,000 computers have been infected in the past 24 hours, followed by the Netherlands and Italy with about 5000 new infections.

The networking company Palo Alto Networks assumes that 400,000 computers worldwide are already affected by the Trojan and that the blackmailers have collected several hundred thousand dollars. According to “Heise”, “Locky” may have been hiding on many computers for a long time and has now been armed centrally.

According to dpa, “Locky” has taken hold at, among other places, the Fraunhofer Institute in Bayreuth, where it paralyzed about 60 PC workstations on Wednesday. The malicious software apparently entered the institute's network through one of the workstations and then copied itself automatically.

According to a “Forbes” report, even a hospital in Los Angeles has been paralyzed by the malware. To regain access to the encrypted data after the attack, the hospital even paid US $17,000.

How “Locky” destroys the data on the computers

The blackmailers infect Windows computers with a Trojan that first encrypts important files and then renames them. After the process, the documents have the ending .locky, which is where the Trojan gets its name. If the blackmailers' claims are accurate, the encryption is impossible to crack: according to them, the files are rendered unusable with an RSA crypto key and AES encryption.

Once the files are encrypted, a note with a ransom demand appears. The letter exists in several languages and is also shown in German to affected users in this country.

The note makes clear that the files can be rescued only with special software called “Locky Decryptor”. For this program, the blackmailers demand 0.5 Bitcoin, which at the cryptocurrency's current exchange rate corresponds to around 200 euros.

The blackmailers have chosen this method of payment because it does not allow them to be tracked. Bitcoin transfers are encrypted and therefore cannot be tracked. “Payment with Bitcoins is quite common, because together with the Tor network it provides a high degree of anonymity,” security expert Christian Funk of Kaspersky Lab told SPIEGEL ONLINE.

Employees of the anti-virus company have discovered mainly two possible entry points for the malicious software. “‘Locky’ reaches the PC through fake invoices sent as attachments,” says Funk. Once the attachment is opened, the malware is downloaded automatically. Among the emails is a German-language message from an alleged sausage company asking the recipient to settle a bill. Attached to this email is a zip file that hides the JavaScript malware.

But users can also pick up the Trojan through the browser. “We have discovered some legitimate websites that deliver the ‘Locky’ malicious software.” If a vulnerability on the computer can be exploited, simply visiting the site is enough to destroy the data on the Windows PC.

Because “Locky” has been circulating widely on the web for only about two weeks, many anti-virus programs do not yet respond to the threat. Even Kaspersky does not specifically recognize “Locky”. According to its own information, however, the ransomware protection prevents “Locky” from spreading. “‘Locky’ is currently a very big problem” and is spreading very rapidly, says Funk. The software is said to be a completely new variant of so-called ransomware (“ransom software”).

How to protect yourself from infection:

  • Be careful with e-mail attachments

Disable the macro function in documents that you receive via email. Be especially careful with messages from strangers. According to security experts, “Locky” is usually introduced via e-mail attachments that masquerade as a harmless Word document but run the malicious software in the background.

  • Secure your data with a back-up

According to the blackmailers, “Locky” encrypts the files so well that they become unusable. Back up your data so that, in an emergency, you can restore your documents from the back-up. The safest storage location is a hard drive that is not always connected to the PC, such as an external USB drive.

  • Use current software

In order to close security holes, you should bring as many of the programs on your computer as possible up to date. Install patches for the browser, for Office applications and the Flash Player. Malware exploits vulnerabilities in this software. Updates reduce the likelihood that the malware can exploit a gap.
