panalogix.blogg.se

Powershell crypto locker





In this case, the attached Word document is called invoice_J-67870889.doc.


The email that it comes attached in is the following:

These are some of the URLs hosting malware:

When the Word document that started the infection is opened, it downloads Locky, and what we have seen is that in all cases the malware comes from a legitimate website which has been compromised.

In fact, if we suspect that we have been attacked by Locky, we can look for one of these files on our computer – if they’re there, then we know Locky has paid us a visit:

  • Once finished, it opens a file called “_Locky_recover_instructions.txt” in Notepad.
  • It deletes any backup copies that Windows has made and starts to encrypt the files.
  • Upon opening the document, the macros infect the computer.
  • It arrives by mail and the attachment is a Word document with macros.
  • We don’t know if you’ve heard of the new ransomware called ‘Locky’…
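The file check described above can be scripted for triage of a suspect profile, share or mounted disk image. This is an added example, not code from the original post; the note name comes from the text above, while the lure pattern is an assumption generalized from the single attachment name invoice_J-67870889.doc.

```python
import os
import re
from datetime import datetime, timezone

# Ransom note name given on this page; compared case-insensitively.
NOTE_NAME = "_locky_recover_instructions.txt"
# Assumption: lure attachments follow the shape of the page's one sample
# name, invoice_J-67870889.doc. Other campaigns may use different names.
LURE_RE = re.compile(r"^invoice_J-\d+\.doc$", re.IGNORECASE)


def scan(root):
    """Walk root and return (notes, lures): lists of (path, mtime) tuples."""
    notes, lures = [], []
    # onerror swallows unreadable directories so one permission failure
    # does not abort the sweep of the rest of the tree.
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == NOTE_NAME:
                bucket = notes
            elif LURE_RE.match(name):
                bucket = lures
            else:
                continue
            try:
                bucket.append((path, os.stat(path).st_mtime))
            except OSError:
                bucket.append((path, None))  # seen, but could not be stat-ed
    return notes, lures


def summarize(notes, lures):
    """Condense hits into a verdict plus a timeline anchor for responders."""
    times = [t for _p, t in notes if t is not None]
    first = min(times) if times else None
    return {
        "locky_note_found": bool(notes),
        "affected_dirs": sorted({os.path.dirname(p) for p, _t in notes}),
        "earliest_note_utc": (
            datetime.fromtimestamp(first, timezone.utc).isoformat()
            if first is not None else None),
        "lure_documents": sorted(p for p, _t in lures),
    }


if __name__ == "__main__":
    import json, sys
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    print(json.dumps(summarize(*scan(root)), indent=2))
```

A hit on the note confirms the visit; the lure hits point to the mailbox or download folder where the infection started, which is where containment should begin.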






