VIRUS ALERT – Locky ransomware virus spreading via Word documents
The email users get look a bit like this:
Attached is an Invoice Word document. It talks about remit payments.Virustotal here.
If Office macros are enabled it drops ladybi.exe, Virustotal here.
AV coverage is very poor – after over 24 hours in the wild, only 3 very niche vendors detect it. Update: most major antivirus products now detect, with the latest updates.
That loads itself into memory, deletes itself, encrypts your documents as hash.locky files, changes the desktop wallpaper, drops a .bmp file and opens it, drops a .txt file and opens it, and delete VSS snapshots. Encrypted files can include network files.
Article found here.