[kictanet] Fwd: RANSOMWARE BY NAME LOCKY.

Gideon gideonrop at gmail.com
Thu Mar 24 13:32:59 EAT 2016


Listers,

I'm not sure if you have heard of this ransomware called 'Locky'. I'm
forwarding this email FYI; it's important not to open any attachments with
executable files, especially if they are unsolicited emails.

Locky is the worst because, if you don't have backups stored elsewhere,
the only way out is to pay a ransom.

http://www.symantec.com/connect/blogs/locky-ransomware-aggressive-hunt-victims

Regards
Rop

---------- Forwarded message ----------
From: Wisdom Donkor <wisdom.dk at gmail.com>
Date: Thu, Mar 24, 2016 at 11:52 AM
Subject: [governance] RANSOMWARE BY NAME LOCKY.


Dear All,
Yesterday at 2:38pm an employee in one of the organisations in Ghana was
attacked by ransomware by name Locky. This ransomware was sent in an email
with an attachment; the attachment contained an MS Word document with a
malicious macro. The Locky program was activated when the user clicked
"enable editing" after the document was opened. This macro began an
encryption process using an RSA-2048 and AES-128 algorithm. The encryption
process targeted the following file extensions:
 *.docx;*.pdf;*.pptx;*.xlsx;*.doc

Yesterday three US hospitals were hit by "locky" as well. The IT systems of
Kentucky Methodist Hospital and Chino Valley Medical Center and Desert
Valley Hospital, California, were infected with this ransomware.
The files cannot be recovered unless the victim has an offline backup to
recover from or pays a ransom with bitcoins via the darkweb. The attackers
promise to send the private key in a compiled program to decrypt the
victim's files after they receive payment.
System Restore cannot restore files, just settings, so it will not help in
this case.

Third-party recovery software cannot recover the encrypted files because
the files are not considered as deleted. The previous ransomware by name
"cryptolocker" did not rename the files it encrypted, so it was possible to
recover your files by using the Windows "previous version" feature; however,
"locky" renames all the files it encrypts so that Windows cannot index the
file's shadow copies to recover them.

CERT-GHANA recommends that all users open email attachments with caution,
especially executable files.

Cheers,

*WISDOM DONKOR (S/N Eng.)*
ICANN Fellow / ISOC Member, IGF Member, Diplo Foundation
OGP Working Group Member, Africa OD Working Group Member
E-government and Open Government Data Platforms Specialist
National Information Technology Agency (NITA)
Ghana Open Data Initiative (GODI)
Post Office Box CT. 2439, Cantonments, Accra, Ghana
Tel: +233 20 812881
Email: wisdom_dk at hotmail.com
wisdom.donkor at data.gov.gh
wisdom.dk at gmail.com
Skype: wisdom_dk
facebook: facebook at wisdom_dk
Website: www.nita.gov.gh / www.data.gov.gh
www.isoc.gh / www.itag.org.gh
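
As an added example (not part of the original email or of CERT-GHANA's guidance), here is a mail-gateway style check for the delivery vector described above, a Word attachment carrying a macro. The function name, file names and sample bytes are constructed for illustration, and the OLE2 branch is a byte-pattern heuristic, not a full compound-file parser.

```python
import io
import zipfile

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")       # legacy .doc/.xls/.ppt container
# Heuristic: name of the VBA project stream as stored (UTF-16LE) in an OLE2 directory
OLE2_VBA_MARK = "_VBA_PROJECT".encode("utf-16-le")
OOXML_EXTS = {"docx", "xlsx", "pptx"}                # formats that should never hold macros
MACRO_EXTS = {"docm", "dotm", "xlsm", "pptm"}        # formats that declare macros openly


def triage_attachment(filename, data):
    """Return the reasons an Office attachment should be quarantined (empty list = none)."""
    reasons = []
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if data.startswith(OLE2_MAGIC):
        if OLE2_VBA_MARK in data:
            reasons.append("legacy OLE2 document with a VBA project stream")
        if ext in OOXML_EXTS:
            reasons.append(f".{ext} name on a legacy OLE2 file (extension mismatch)")
    elif zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            names = [n.lower() for n in zf.namelist()]
        if any(n.endswith("vbaproject.bin") for n in names):
            reasons.append("OOXML package contains vbaProject.bin (VBA macros)")
            if ext not in MACRO_EXTS:
                reasons.append(f".{ext} name on a macro-enabled package (extension mismatch)")
    return reasons


def make_ooxml(with_macro):
    """Build a minimal constructed OOXML-like zip in memory (not a real Word file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"constructed placeholder")
    return buf.getvalue()


# Constructed sample attachments: harmless placeholder bytes only
SAMPLES = {
    "report.docx": make_ooxml(False),
    "invoice.docm": make_ooxml(True),
    "invoice.docx": make_ooxml(True),
    "scan.doc": OLE2_MAGIC + b"\x00" * 64 + OLE2_VBA_MARK,
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", triage_attachment(name, blob) or "no macro indicators")
```

A hit means the attachment carries macro code, not that it is Locky; the result is a reason to quarantine and inspect before a user is ever asked to enable anything.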
