‘Locky’ ransomware harnesses the power of Microsoft Word to trick you into paying

Ransomware is a form of malware that’s more annoying than usual both because it revokes access to your computer, and because it then has the nerve to charge you money in order to reverse the lockout. A new type of ransomware, called Locky, appears to deceive users by taking after banking software Dridex.

In a typical Locky attack, victims are emailed a Microsoft Word document disguised as an invoice that asks them to run a macro from within the word processor. Microsoft disables macros by default. If you happen to have enabled them yourself, though, the macro will run inside Word and download Locky to your computer, explained Palo Alto Networks in a blog post earlier this week.
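A mail gateway or analyst can flag the delivery step described above by checking whether an attached Office file carries a VBA project, judging by file content rather than by name. The sketch below is an added example, not code from the article or from Palo Alto Networks; the function names are hypothetical, the legacy `.doc` check is a byte-level heuristic, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")    # legacy .doc/.xls compound-file header
# VBA stream name as stored (UTF-16LE) in OLE directory entries; heuristic match only.
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")


def macro_verdict(data: bytes) -> str:
    """Classify one attachment body: 'macro', 'no-macro' or 'not-office'."""
    if data.startswith(OLE_MAGIC):
        return "macro" if VBA_STREAM in data else "no-macro"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            names = []                            # truncated or fake zip
        if "[content_types].xml" in names:       # OOXML package marker
            return "macro" if any(n.endswith("vbaproject.bin") for n in names) else "no-macro"
    return "not-office"


def triage(raw_email: bytes) -> dict:
    """Map each attachment filename to its verdict, judged by content, not extension."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    return {part.get_filename(): macro_verdict(part.get_payload(decode=True))
            for part in msg.iter_attachments()}


def _ooxml(with_macro: bool) -> bytes:
    """Constructed sample: minimal OOXML-shaped zip, optionally with a VBA part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


def sample_email() -> bytes:
    """Constructed message: three invoice-themed attachments, two carrying macros."""
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    for name, body in [("invoice_a.docm", _ooxml(True)), ("invoice_b.docx", _ooxml(False)),
                       ("invoice_c.doc", OLE_MAGIC + b"\x00" * 504 + VBA_STREAM)]:
        msg.add_attachment(body, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage(sample_email())` returns a verdict per attachment; a real deployment would quarantine or strip anything marked `macro` before it reaches a user who has macros enabled.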

Because of the similarity to a process used by Dridex, many reports are assuming that the developer behind Locky bears some affiliation with the banking software developer “due to similar styles of distribution, overlapping file names, and an absence of campaigns from this particularly aggressive affiliate coinciding with the initial emergence of Locky,” Palo Alto stated.

The way ransomware works is that files on the computer are usually encrypted at the user’s expense, literally, as the malicious software will take control of your personal data and then charge a fee for you to regain access.

It appears the coders behind Locky were planning an attack on a colossal scale. In fact, Palo Alto Networks claims to have uncovered 400,000 sessions that take advantage of the Bartallex macro application used by the ransomware in question.

Unlike other ransomware, Locky tries to carry out a key exchange with its command-and-control infrastructure in memory before it encrypts files. Notably, PC World states that this could serve as a weak point for the ransomware.

“This is interesting, as most ransomware generates a random encryption key locally on the victim host and then transmits an encrypted copy to attacker infrastructure,” Palo Alto’s post explains. “This also presents an actionable strategy for mitigating this generation of Locky by disrupting associated” command-and-control networks.

Kevin Beaumont, who wrote a Medium post about the ransomware, points out that files affected by a Locky attack are, quite logically, labeled with a “.locky” extension.

Beaumont adds that for those users affected by Locky within an organization, “You will likely have to rebuild their PC from scratch.”

Gabe Carey
A freelancer for Digital Trends, Gabe Carey has been covering the intersection of video games and technology since he was 16…