Locky Ransomware Freezes Your Files, Spreads Via Microsoft Word Document


A ransomware program called ‘Locky’ is spreading via a Microsoft Word document. Attackers are sending users an infected document file purporting to be an invoice; opening it installs the malicious program on the system.

First reported by security researchers at Palo Alto Networks, the Word file in question triggers actions that require macros (small applications that automate frequently used tasks) to run. Microsoft has disabled macros by default out of security concerns, but the document the attackers attach to the email tricks users into enabling them.

Those who enable macros see the Locky ransomware downloaded and installed on their computer. A staggering number of users are falling for this, apparently. “Using Palo Alto Networks AutoFocus, Unit 42 observed over 400,000 individual sessions containing the Bartallex macro downloader, which in turn dropped Locky ransomware onto victim machines,” researchers at Palo Alto Networks wrote.

Once installed, Locky locks all the files on the computer and demands that you pay a sum of money within the attackers' mandated period of time. Failure to do so renders all files on the system useless, leaving users with very little they can do.

The attacks are currently targeted largely at people in the United States, Canada, and Australia. Users elsewhere should also take note, though, and must avoid clicking on any suspicious file.

In a statement to MSPoweruser, Microsoft acknowledged the Locky ransomware, pointing us to Locky’s entry in its malware encyclopedia, and assured us that it warns users about it. “Microsoft security software detects and removes Locky malware,” said a Microsoft spokesperson.
