Kansas State University

search

IT News

Beware of new Locky malware that uses malicious Word macros

“Locky” is a new “crypto-ransomware” type of malware that locks up your computer files and requires a monetary payment to unlock them. Locky is delivered via email as an invoice in a Word attachment.

Details from one ransomware email are shown below; this may be one of many variations.

Subject line: ATTN: Invoice J-98223146

Message:  Please see the attached invoice (Microsoft Word Document) and remit payment according to the terms listed at the bottom of the invoice.

If you click on the attachment, you are encouraged to “enable macros”. If you comply and enable macros, malicious code is installed and the malware attack begins. The malware will begin to encrypt your files and attach the “Locky” extension. A ransom note is then left in every directory that has been infected, informing you to make a payment in order to unlock your files.

For specific details about the malware and what it will do to infected systems, see Trend Micro’s article “New Crypto-Ransomware Locky Uses Malicious Word Macros.”

If you receive a ransomware email, do NOT click on the attachment. Send the original email with full Internet headers to abuse@k-state.edu, and delete the email.  How to include full email headers is at k-state.edu/its/security/report/getheaders.html.