
Recommended Steps for Locky (Ransomware) Prevention

Information Security, by Mainstream Technologies

The ‘Locky’ malware is a ransomware variant that has relied heavily on spam campaigns to distribute malicious attachments; these download and execute code that encrypts a large number of critical file types on both local drives and network file shares. Each encrypted file is renamed to a unique hexadecimal filename with the “.locky” extension. Every directory containing encrypted files receives instructions on how to pay the ransom in Bitcoin for file recovery, and the system's desktop background is replaced with the same payment instructions. Because the encryption is strong and correctly implemented, encrypted files cannot be recovered without a backup or the attacker's private key. Paying the ransom may result in receipt of the private key that decrypts the targeted files, but the FBI does not recommend that victims pay.
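The rename pattern and the per-directory ransom note described above are usable indicators on a file server. The following is an added example, not code from Mainstream Technologies or from the FBI Flash: a Python scan that walks a local directory or a mounted share and reports directories in the state Locky leaves behind. The 32-hex-character filename length and the note filenames `_Locky_recover_instructions.txt` / `.bmp` are assumptions made for this example, and the directory tree it builds is constructed for the demonstration rather than taken from a real incident.

```python
import os
import re
import tempfile
from pathlib import Path

# Indicators described for Locky: each encrypted file is renamed to a hexadecimal
# name with the ".locky" extension, and every affected directory gets a ransom note.
# The 32-character length and the note filenames are assumptions for this example.
LOCKY_NAME = re.compile(r"^[0-9a-f]{32}\.locky$", re.IGNORECASE)
NOTE_NAMES = {"_locky_recover_instructions.txt", "_locky_recover_instructions.bmp"}


def scan_tree(root):
    """Walk `root` (a local path or a mounted share) and report directories that
    look encrypted by Locky: at least one hex-named .locky file. Whether a ransom
    note sits alongside is recorded as corroboration, not required for a hit."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        n_locky = sum(1 for f in files if LOCKY_NAME.match(f))
        if n_locky:
            hits[dirpath] = {
                "locky_files": n_locky,
                "ransom_note": any(f.lower() in NOTE_NAMES for f in files),
            }
    return hits


def build_sample_tree():
    """Create a constructed directory layout for the demonstration (no real data):
    one clean folder, one folder in the state Locky leaves behind, and one decoy
    whose '.locky' file does not carry the hexadecimal name and must not count."""
    root = Path(tempfile.mkdtemp(prefix="locky_demo_"))
    clean = root / "finance" / "clean"
    hit = root / "finance" / "q2_reports"
    decoy = root / "misc"
    for d in (clean, hit, decoy):
        d.mkdir(parents=True)
    (clean / "budget.xlsx").write_bytes(b"not encrypted")
    for i in range(3):
        # {i:032x} renders as 32 lowercase hex digits, the assumed Locky naming.
        (hit / f"{i:032x}.locky").write_bytes(b"\x00" * 16)
    (hit / "_Locky_recover_instructions.txt").write_text("pay in bitcoin")
    (decoy / "notes.locky").write_text("a file that merely ends in .locky")
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for directory, info in scan_tree(sample_root).items():
        print(f"{directory}: {info['locky_files']} .locky files, "
              f"ransom note present: {info['ransom_note']}")
```

Run it against the root of a share from a scheduled task and alert on any hit; a directory with hex-named `.locky` files but no note is still reported, since the rename is the stronger signal and the note name varies across variants.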

Recommended Steps for Locky (Ransomware) Prevention[1]

  • Implement an awareness and training program. Because end users are targeted, employees and individuals should be made aware of the threat of ransomware and how it is delivered.
  • Enable strong spam filters to prevent phishing e-mails from reaching end users, and authenticate inbound e-mail with Sender Policy Framework (SPF), Domain-based Message Authentication, Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent e-mail spoofing.
  • Scan all incoming and outgoing e-mails to detect threats and filter executable files from reaching the end users.
  • Ensure anti-virus and anti-malware solutions are set to automatically conduct regular scans.
  • Manage the use of privileged accounts. Implement the principle of least privilege. No users should be assigned administrative access unless absolutely needed. Those with a need for administrator accounts should only use them when necessary.
  • Configure access controls including file, directory, and network share permissions with least privilege in mind. If a user only needs to read specific files, they should not have write access to those files, directories, or shares.
  • Disable macro scripts from Microsoft Office files transmitted via e-mail. Consider using Office Viewer software to open Microsoft Office files transmitted via e-mail instead of full Office suite applications.
  • Implement Software Restriction Policies (SRP) or equivalent controls to block programs from executing from the locations ransomware commonly uses: the temporary folders used by popular Internet browsers and by compression/decompression utilities, and the user profile's AppData and LocalAppData folders.
  • Implement application whitelisting and only allow systems to execute programs known and permitted by security policy.
  • Categorize data based on organizational value and implement physical/logical separation of networks and data for different organizational units.
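For the SPF, DMARC and DKIM recommendation in the list above, the following added example (not code from the page or from the FBI Flash) audits a domain's published records and reports the configurations that leave spoofing unblocked: an SPF record that ends in `+all` or `?all`, a DMARC policy of `p=none`, a partial `pct`, a missing aggregate-report address, or a DKIM selector in testing mode. The domain names, selector and TXT contents in `RECORDS` are constructed stand-ins for DNS answers so the script runs offline; in practice that dict is replaced with live TXT lookups.

```python
# Terms in an SPF record that each cost a DNS lookup (RFC 7208 caps the total at 10).
LOOKUP_MECHANISMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed TXT answers for two hypothetical domains: one configured as the
# recommendation intends, one that only monitors. Key material is a placeholder.
RECORDS = {
    "example-corp.test": ["v=spf1 ip4:203.0.113.0/24 include:_spf.mailhost.example -all"],
    "_dmarc.example-corp.test": ["v=DMARC1; p=reject; rua=mailto:dmarc@example-corp.test; pct=100"],
    "sel1._domainkey.example-corp.test": ["v=DKIM1; k=rsa; p=PLACEHOLDERPUBLICKEY"],
    "lax.example-corp.test": ["v=spf1 include:_spf.mailhost.example ?all"],
    "_dmarc.lax.example-corp.test": ["v=DMARC1; p=none; rua=mailto:dmarc@example-corp.test"],
}


def parse_tag_record(txt):
    """Split a DMARC or DKIM record ('tag=value; tag=value') into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def spf_lookup_count(record):
    """Count the lookup-causing terms in this one record (nested includes add more)."""
    count = 0
    for term in record.split()[1:]:
        name = term.lstrip("+-~?").split(":", 1)[0].split("/", 1)[0].split("=", 1)[0]
        if name.lower() in LOOKUP_MECHANISMS:
            count += 1
    return count


def audit_spf(record):
    if record is None:
        return ["SPF: no record; receivers cannot reject forged envelope senders"]
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["SPF: record does not start with v=spf1"]
    last = terms[-1].lower()
    findings = []
    if last in ("+all", "all"):
        findings.append("SPF: ends with +all, so every host on the Internet is an authorised sender")
    elif last == "?all":
        findings.append("SPF: ends with ?all (neutral), so spoofed mail is not flagged")
    elif last == "~all":
        findings.append("SPF: ends with ~all (softfail); workable under DMARC, but -all is stricter")
    elif last != "-all" and not last.startswith("redirect="):
        findings.append("SPF: no trailing 'all' mechanism; unmatched senders default to neutral")
    if spf_lookup_count(record) > 10:
        findings.append("SPF: more than 10 lookup terms; receivers return permerror")
    return findings


def audit_dmarc(record):
    if record is None:
        return ["DMARC: no record; SPF/DKIM results are not enforced on the From: domain"]
    tags = parse_tag_record(record)
    findings = []
    if tags.get("v") != "DMARC1":
        findings.append("DMARC: record does not start with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy == "none":
        findings.append("DMARC: p=none only monitors; spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("DMARC: missing or invalid p= tag")
    if tags.get("pct", "100") != "100":
        findings.append(f"DMARC: pct={tags['pct']} applies the policy to only part of the mail")
    if "rua" not in tags:
        findings.append("DMARC: no rua= address, so no aggregate reports reveal who is spoofing you")
    return findings


def audit_dkim(record, selector):
    if record is None:
        return [f"DKIM: no key published at {selector}._domainkey"]
    tags = parse_tag_record(record)
    findings = []
    if not tags.get("p"):
        findings.append(f"DKIM: selector {selector} publishes an empty p= (key revoked)")
    if "y" in tags.get("t", "").split(":"):
        findings.append(f"DKIM: selector {selector} is in testing mode (t=y); verifiers treat it like unsigned mail")
    return findings


def audit_domain(domain, records=RECORDS, selectors=()):
    """Return all findings for `domain`; an empty list means the records enforce."""
    first = lambda name: (records.get(name) or [None])[0]
    findings = audit_spf(first(domain))
    findings += audit_dmarc(first(f"_dmarc.{domain}"))
    for sel in selectors:
        findings += audit_dkim(first(f"{sel}._domainkey.{domain}"), sel)
    return findings


if __name__ == "__main__":
    for dom, sels in (("example-corp.test", ["sel1"]), ("lax.example-corp.test", [])):
        print(dom, "->", audit_domain(dom, selectors=sels) or ["enforcing"])
```

Note that the audit only reads your own published records; the receiving side still has to act on them, so the filter in front of the mailbox must be configured to honour DMARC results on inbound mail as well.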

[1] FBI Flash 28 July 2016
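The SRP and application whitelisting recommendations are easiest to get right if the rule set is dry-run against real process paths before it is enforced. The following is an added example, not code from the page or the FBI Flash, and not an interface to Windows itself: a Python model of SRP path-rule evaluation, in which the most specific matching path rule wins and the policy's default security level decides unmatched paths ("Unrestricted" for a blocklist, "Disallowed" for whitelisting). The environment variables, rules and sample process paths are constructed for the demonstration; the vendor updater exception is hypothetical.

```python
import fnmatch
import re

# Constructed profile for the dry run; a real tool would read these from the host.
ENV = {
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
    "TEMP": r"C:\Users\alice\AppData\Local\Temp",
    "PROGRAMFILES": r"C:\Program Files",
    "SYSTEMROOT": r"C:\Windows",
}

# Path rules in SRP style: %VAR% placeholders and * wildcards, each with a level.
# The last entry is a hypothetical exception for one updater that lives under
# LocalAppData; being more specific, it overrides the broad Disallowed rule.
RULES = [
    (r"%APPDATA%\*", "Disallowed"),
    (r"%LOCALAPPDATA%\*", "Disallowed"),
    (r"%TEMP%\*", "Disallowed"),
    (r"%SYSTEMROOT%\*", "Unrestricted"),
    (r"%PROGRAMFILES%\*", "Unrestricted"),
    (r"%LOCALAPPDATA%\Vendor\Updater\updater.exe", "Unrestricted"),
]


def expand(pattern, env=ENV):
    """Replace %VAR% placeholders with their constructed values."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).upper(), m.group(0)), pattern)


def normalise(path):
    """Windows path matching is case-insensitive and accepts either separator."""
    return path.replace("/", "\\").lower()


def decide(path, rules=RULES, default="Unrestricted"):
    """Return (level, rule) for an image path. Among matching path rules the one
    with the longest expanded pattern wins, which is how SRP resolves overlapping
    path rules; `default` is the policy's default security level."""
    target = normalise(path)
    best = None
    for pattern, level in rules:
        expanded = normalise(expand(pattern))
        if fnmatch.fnmatchcase(target, expanded):
            if best is None or len(expanded) > len(best[0]):
                best = (expanded, level, pattern)
    if best is None:
        return default, None
    return best[1], best[2]


def dry_run(paths, **kwargs):
    """Evaluate a batch of process paths (for example an export of recent
    process starts) and return {path: level}."""
    return {p: decide(p, **kwargs)[0] for p in paths}


if __name__ == "__main__":
    # Constructed process paths: a dropper in %TEMP%, a payload under Roaming,
    # the hypothetical updater exception, Word, and a tool on a data drive.
    sample = [
        r"C:\Users\alice\AppData\Local\Temp\invoice_847.exe",
        r"C:\Users\alice\AppData\Roaming\a1b2c3\a1b2c3.exe",
        r"C:\Users\alice\AppData\Local\Vendor\Updater\updater.exe",
        r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
        r"D:\tools\putty.exe",
    ]
    for mode in ("Unrestricted", "Disallowed"):
        print(f"default level = {mode}")
        for p, level in dry_run(sample, default=mode).items():
            print(f"  {level:13} {p}")
```

Running the batch twice, once with each default level, shows what moving from a blocklist to whitelisting would break (here `D:\tools\putty.exe`) before any user is affected. Path rules match the image path only, so a file that is merely renamed is still caught, while anything executed through an interpreter such as a script host is governed by the rule that applies to the interpreter and SRP's list of designated file types, not by the script's own location.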



Mainstream Technologies, Inc., Information Technology Services, Little Rock, AR
© Copyright 2021. Mainstream Technologies, Inc. All Rights Reserved.