The Locky virus is being pushed aggressively by email and is spreading through spam campaigns.
The virus has the reputation of being the biggest IT threat of 2016 so far. Its aggressive global spread through spam emails and compromised websites is leaving top security companies such as Sophos, Norton, Trend and McAfee scrambling to respond.
The emails often look legitimate, but as soon as an attachment or link is opened the virus starts to download. Viral email campaigns are not easily detected – they have no fixed pattern and frequently change format and strategy.
“Symantec (supplier of leading anti-virus software) reported that in just 2 days they blocked more than 5 million spam emails associated with Locky.”
WHAT CAN YOU DO?
- EDUCATE all staff and users about what Locky is, how the virus operates and what to look out for
- APPOINT AN IN-HOUSE CHAMPION to monitor incoming mail, particularly if you have MailMarshal running in your office. As security policies are tightened it is inevitable that some legitimate mail will be blocked along with the spam. It is better to have someone educated on what to look for to filter these, rather than leaving it totally up to individual end users
- BACKUP REGULARLY AND TEST YOUR BACKUPS to ensure the data you need can be restored reliably
- DON’T ENABLE MACROS (KEEP THEM DISABLED) in documents received via email. Microsoft turned off auto-execution of macros as a default setting many years ago as a security measure. A lot of malware infections rely on persuading you to turn these disabled macros back on. Don’t do it!
- BE CAUTIOUS AND VIGILANT about unsolicited emails and attachments. The Locky virus relies on you opening a document or link before you are aware it could be dangerous. It is better to be overly cautious than pay the hefty price of infection
- RESTRICT USER RIGHTS / ADMINISTRATOR ACCESS and do not stay logged in longer than strictly necessary. Ensure users do not have more log-in and user rights than they need and try to avoid browsing, opening documents or other “regular work” on an account with admin rights
- PATCH/UPDATE EARLY AND OFTEN. Not all malware arrives via email and/or document macros. Some rely on security holes and bugs which are only preventable by keeping your system, software and antivirus up to date
- RESTRICT WRITE PERMISSIONS on file servers as much as possible and ensure only users who require the permissions are granted them
- USE ADVANCED ENDPOINT PROTECTION that can identify new malware variants and detect malicious traffic and make sure it is configured to suit your business needs. For example, some businesses may prefer to block all suspect mail, while others may prefer to manage the risk by only blocking certain attachment types
- USE WEB AND EMAIL PROTECTION to block access to malicious websites and scan all downloads
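As an added illustration of the macro and attachment-type advice above (this is not code from the original article or from any vendor product), the sketch below shows how a mail filter rule could triage attachments by both file extension and content. The extension lists, verdict strings and function names are assumptions made for this example, and the sample message is constructed and harmless.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".pptm"}  # assumed policy: macro-enabled OOXML
LEGACY_EXTS = {".doc", ".xls", ".ppt"}  # assumed policy: legacy formats, may embed macros

def has_vba_project(data: bytes) -> bool:
    """True if data is a zip (OOXML) container holding a VBA macro project."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())

def triage(raw: bytes) -> list:
    """Return (filename, verdict) for every attachment in a raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        data = part.get_payload(decode=True) or b""
        if has_vba_project(data):  # content check beats a misleading extension
            verdict = "quarantine: contains VBA macro project"
        elif ext in MACRO_EXTS:
            verdict = "quarantine: macro-enabled file type"
        elif ext in LEGACY_EXTS:
            verdict = "hold for review: legacy format may carry macros"
        else:
            verdict = "deliver"
        results.append((name, verdict))
    return results

def build_sample() -> bytes:
    """Constructed sample: zip named .docx with dummy vbaProject.bin, stub .doc, text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/vbaProject.bin", b"dummy")
    msg = EmailMessage()
    msg.set_content("Please see attached.")
    for blob, fname in ((buf.getvalue(), "invoice.docx"), (b"stub", "report.doc")):
        msg.add_attachment(blob, maintype="application",
                           subtype="octet-stream", filename=fname)
    msg.add_attachment("notes", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    print(*triage(build_sample()), sep="\n")
```

The "hold for review" verdict is where the in-house champion described earlier would step in, since legitimate legacy documents will be caught alongside malicious ones.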
WHAT CAN YOUR IT PROVIDER BE DOING?
- EDUCATE: Meet with you and your staff to explain the risks and provide useful user information to mitigate risks in the workplace
- TRAIN: Equip in-house managers with information and tools to assist with daily mail management
- AUDIT: Backup procedures and systems to ensure they meet minimum standards and minimise risk
- AUDIT PASSWORD/LOGINS AND NETWORK/ADMINISTRATION ACCESS: To minimise and tighten up potential security risks
- SCHEDULE REGULAR NETWORK MAINTENANCE: Ensuring all checks and measures are in place
- RECOMMEND BEST ENDPOINT PROTECTION OPTIONS: Based on business needs and budgets. Advice and help with configuring the software to meet your specific business needs while ensuring the protection required
DO YOU NEED HELP WITH MANAGING LOCKY VIRUS RISKS?
IT Support is an Auckland-based company delivering technical IT services and advice to businesses. They are Gilligan Sheppard’s IT provider and can help you if needed. Specialising in total IT technology solutions, their services include design, development, implementation and support of business networks, applications, systems integrations, and management and maintenance, including cloud-based services.