lockyRansomware, what is it? Defined as “malware for data kidnapping,” it is one of the top security issues in the digital and cloud age, wherein the hacker or attacker encrypts data and asks for ransom (usually a Bitcoin payment) for the decryption key.

Today, another ransomware threatens the online community “Locky” that can hit you if you were ‘unlucky.’ It works similarly like the modus conducted by the banking software Dridex.

How Locky works?

A victim will be sent an email with a Microsoft Word attachment disguising as an INVOICE that requires macro.

[By default, Microsoft disables it due to security reasons. So a user normally will see a warning if an attachment contains it.]

Now if you would enable the macro function, it will run and then download Locky to your PC, according to the Palo Alto Networks.

[It is the same modus operandi used by Dridex, a notorious Trojan that steals banking account details.]

There are suspicions that the distributors of Locky are connected to one of the main men of Dridex because both use the same mode of malware distribution.

If you or your organization happens to be the unlucky target, your files will be unrecoverable unless you have a regular backup or if your data has not been touched yet.

Lately, the Hollywood Presbyterian Medical’s computer system was infected by ransomware in which the hackers ask for 9,000 bitcoins (or approximately US$3.6 million).

Reports indicated that the operators behind Locky may have conducted a large attack. Palo Alto Networks revealed that it had detected 400,000 sessions that used the same downloader “Bartallex,” which is the one that deposits the infection onto a computer system. Over half of the targets were recorded in the United States and the rest included Australia and Canada.

Locky utilizes its command-and-control infrastructure for conducting a memory exchange before encrypting the files.

Kevin Beaumont from Medium said that encrypted files have the ‘.locky’ extension. He wrote guidance on how to figure out who among the people in an organization has been infected and recommended that the active directory account of the victim must be locked and its network access must be shut down. Finally, he said that you are more likely to rebuild the victim’s PC from scratch.

Check out the full story here.

I pulled out the attempted hacks to this site over the last few hours. It is sad to see the direction this is taking.


I just received the message below via email. This is nobody I’ve been into contact with before and I did not download the linked file. Services like Wetransfer is getting popular and now unfortunately the hackers has caught on and is using this as a vehicle to get their trojans and viruses installed so be warned.

The message is a valid Wetransfer email, so the hackers has simply used their service and entered in me as a recipient of their no doubt virus file.


Have a Fraud-Free Holiday Shopping

globe2National Cyber Security Alliance executive director Michael Kaiser provided tips for a scam-free holiday online shopping. According to him, scammers lure their victims by offering incredibly low-priced products. When you encounter this, immediately turn it down. He also encouraged online shoppers to use secured connections and websites.

When making online payments, it is better to use third party payment like Amazon Payments, Apple Pay or PayPal to minimize the chance of inputting your credit card information. It is also good to check on reviews for vendors, especially when you are buying from an unfamiliar store. Lastly, monitor your accounts regularly.

Source: Seattle Times

Safe Tech Toys Shopping Tips 

Computer-MouseTech toys are among kids’ wish lists this holiday season. But parents should be warned that even tech toys are subject to online hacking. In a recent report, millions of children have been victimized by online attack on a tech toy manufacturer, Vtech Holdings Ltd. In relation to this, experts advised users to be careful on depositing personal information online and when you do, make sure you use a secured connection. It is also advised to verify the legitimacy of the company or toy manufacturer. Users are also strongly encouraged to be cautious when disclosing any information when purchasing online.

Source: CBC

Online Shopping Tips from Security Experts

security1Holiday season is the busiest season for online shopping. This is also the season when cybercriminals get active to stealing personal information. On this account, experts encourage users to protect their personal data and avoid clicking links sent via emails. It is also advised to verify merchant first before payment. You can also use tech apps for secured payments.

For credit card users, you can use a specific card just for holiday shopping. And lastly, it pays to check your statement of account to spot any suspicious amount or purchase you did not do. If such thing happens, notify your bank immediately.

Source: Low Cards

Screen-exclamationDirector of Homeland Security Chris Rodriguez issued advises to keep your seniors safe this holiday season, especially when cybercriminals are getting sophisticated these days. Most seniors were victimized by phone frauds when criminals pose as credit card reps asking for Social Security number and other details, targeting millions of health and personal records.

Stories about stealing information and healthcare personal info have been reported – all through similar sources, phone calls. The agency raises campaigns to educate seniors about such fraud activities and advise them not to disclose any information through phones. These campaigns have been launched in public forums for more audience.

Source: North Jersey

Screen-exclamationWith the crowded streets and malls, people opted to shop online this holiday season. However, it also makes them vulnerable to cybercrimes. OCIO shares some safety tips on how to stay secured when shopping online this holiday season. Among these tips, include safeguarding information such as credit card details and other personal info. It is discouraged to use free and public Wi-Fi, as they are not secured network, especially when it comes to online purchasing. Experts advise customers to shop at trusted and few online stores during holidays to track purchasing activities. It is also advised to monitor your account for any suspicious activity.

Source: The Lantern

computer2Black Friday is one of the few celebrated shopping days in the country. The radical increase in online shopping opens opportunity for cyber criminals. To stay safe for Black Friday shopping, follow these steps.

First, keep your devices from the eyes of strangers. Next is to make sure that your computer antivirus is updated for protection. Also, ensure that you use safe and secured connection and avoid using public Wi-Fi connection. Check on the shopping websites and make sure that it is a secured and legitimate site for product shopping. Lastly, check your bank statement and report any suspicious transaction immediately.

Source: Silicon Republic

Advice For A Safe Online Shopping

onlinesecure4Most Americans prefer online shopping this holiday for convenience. But there are tips to consider in order to stay safe when shopping online. Among these tips, include using secured connections and not the free Wi-Fi’s. Also, make sure to you use legitimate websites and official apps. When paying for online purchases, use credit cards and not debit cards. You can also use online payments using your phone, as they are safe from duplication. When using your phone, make sure that it is properly locked for safety. And the last but not the least, make sure that you check you statement of accounts and report any suspicious transactions immediately.

Source: USA Today