Image credit: Francesco Gasparetti, https://commons.wikimedia.org/wiki/File:Flickr_-_Gaspa_-_Dendara,_tempio_di_Hator_(56).jpg

Locky Ransomware Switches from Norse to Egyptian

Locky, a popular strain of ransomware, has used the names of Norse gods like Odin and Thor as their file extensions up to now.  They’ve switched to Egyptian gods with the new .osiris extension.  What else is going on with Locky these days?

Osiris is mostly being spread with a phishing technique where an Excel file is sent as an email attachment under the auspices of being an invoice.  The file is blank when opened, and a user is prompted to enable macros in order to read the content.  When the macros run, the computer becomes infected with Locky.

A ransom note appears with a demand of 2.5 Bitcoins to be regain access to your computer’s files.  2.5 Bitcoins may not sound like much, but as of this writing, 2.5 Bitcoins is equal to $1930.55 USD.

There’s currently no known cure to decrypt your files for this strain of Locky.  Backups are one possible solution, but Locky also attempts to erase copies, but it might work.  Outside of that, the best solution is to not fall for the phishing scheme.  If you receive an email attachment from someone you don’t know, don’t open it.  If you’re not sure whether or not it’s legit, contact us to discuss it.

Leave a Comment