Last updated: January 1, 2023
Weird bill by email? Please don't click. Hackers have found a new method to bypass your vigilance.
Today we discovered Locky, a new ransomware which will lodge itself directly in a Word file and which could do great damage to your computer.
To recall, a ransomware is malicious software whose objective is to hold your data hostage in exchange for a ransom. To do this, ransomware encrypts your personal data (Word, PDF, Excel, JPG, etc.). Then the hackers asks you to pay in exchange for the encryption key.
How does it work ? In the case of locky, the hacker sends you an email with a Word or XLS file attached.
These DOC or XLS files use a piece of Visual Basic code called "Drixed". This "script" then allows you to load all kinds of crap into your PC: to take control of your PC.
Like most malware, it requires human manipulation (social engineering) to install on a computer. It is usually by email or the hacker explains to you that an invoice has been sent to you. And that you will find all the information in the attached file.
If you have unfortunately opened the Word or Excel document, it is too late. Malware quickly installs itself and encrypts your documents. And when you try to open its files, a web page tells you how to pay the ransom. Often they offer to pay between $ 500 and $ 1.000 in Bitcoins using the Tor network.
The best way to protect yourself is not to open this type of attachment, especially from unknown senders and make backups valid and regular important files.