Thanks for the heads-up on this one, Blumbly.
I tend to be less than fully aware of Windows nastyware and viruses, as I run a Linux system. This one is very nasty, as it will affect all drives the infected PC has write access to, not just the local C: drive, including removable drives that are plugged in at the time.
A couple of good rundowns on Locky Ransomware are here: SITE 1 and SITE 2.
Both of these have info on commercial antimalware programs that will specifically prevent ransomware from acting.
'Malwarebytes', a very respected malware protection/removal software company, has a specialised anti-ransomware offering in beta testing now, too.
'Site 2' also includes info on a copycat ransomware known as 'AutoLocky', which can be recovered from fairly readily, unlike the original 'Locky'.
If you become aware of the Locky attack soon enough, it may be possible to recover some [though probably not all] of the trashed/encrypted files with 'file recovery software' - after removing the malware. From Site 1:
Method 3: File Recovery Software
When Locky encrypts a file it first makes a copy of it, encrypts the copy, and then deletes the original. Due to this you may be able to use file recovery software such as R-Studio or Photorec to possibly recover some of your original files. It is important to note that the more you use your computer after the files are encrypted the more difficult it will be for file recovery programs to recover the deleted un-encrypted files.
Lastly, while MS Office documents are well known to be high-risk for malware via macros, PDF files can also carry nasty payloads.
So it's not a good idea to open PDFs attached to e-mails from untrusted sources.
See SITE 3 for a useful rundown.