VIRUS ALERT – Locky ransomware virus spreading via Word documents

New updated story here: https://medium.com/@networksecurity/you-your-endpoints-and-the-locky-virus-b49ef8241bea#.pthlo2yk6

The email users get look a bit like this:

Attached is an Invoice Word document. It talks about remit payments.Virustotal here.

If Office macros are enabled it drops ladybi.exe, Virustotal here.

AV coverage is very poor – after over 24 hours in the wild, only 3 very niche vendors detect it. Update: most major antivirus products now detect, with the latest updates.

That loads itself into memory, deletes itself, encrypts your documents as hash.locky files, changes the desktop wallpaper, drops a .bmp file and opens it, drops a .txt file and opens it, and delete VSS snapshots. Encrypted files can include network files.

Article found here.