Locky ransomware trojan
Don’t get caught in its trap!

The Locky ransomware trojan is spreading quickly. It usually reaches your computer hidden in emails disguised as invoices or warnings, which unfortunately appear genuine and trustworthy because of the address data and the images used. Anyone who sends an email to a golf computer may, through no fault of their own, infect all the networked computers with Locky and so inadvertently contribute to shutting down the golf industry (from the data processing perspective).
Attention: Locky
  • The existing antivirus software cannot protect your computer from Locky.
  • Always immediately delete any suspicious emails!
  • Be careful about unsolicited and unexpected emails. Do not click on the links, do not open the attachments (for example, ZIP archives)! Immediately delete these emails.
  • As ransomware, Locky differs from viruses in that, after the link or the ZIP file has been opened, a prompt appears which the user must actively confirm. Locky currently masquerades as "JavaScript". Cancel the installation at this prompt, if you have not already done so!
  • Immediately inform your IT supervisor if you have any doubts.
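As an added illustration (not part of the original advisory and not PC CADDIE code), an IT supervisor could pre-screen incoming mail for the pattern described above: a ZIP attachment that carries a JavaScript file. The function names, the size limit, the `.js`-only suffix list and the sample message are assumptions constructed for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

SCRIPT_SUFFIXES = (".js",)        # the advisory names JavaScript; assumption: extend locally
MAX_NESTED_SIZE = 10 * 1024 * 1024  # assumption: do not unpack nested ZIPs above 10 MiB

def script_members(zip_bytes, depth=0):
    """Return names of script files in a ZIP, looking into nested ZIPs too."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                name = info.filename.lower()
                if name.endswith(SCRIPT_SUFFIXES):
                    hits.append(info.filename)
                elif (name.endswith(".zip") and depth < 2
                      and info.file_size <= MAX_NESTED_SIZE):
                    hits += script_members(zf.read(info), depth + 1)
    except (zipfile.BadZipFile, RuntimeError):
        # Corrupt or password-protected archive: cannot be inspected, so flag it.
        hits.append("<unreadable archive>")
    return hits

def quarantine_reasons(raw_message):
    """List the reasons a raw RFC 5322 message should be held for review."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    reasons = []
    for part in msg.iter_attachments():
        fname = (part.get_filename() or "unnamed").lower()
        data = part.get_payload(decode=True) or b""
        if fname.endswith(SCRIPT_SUFFIXES):
            reasons.append(f"script attachment: {fname}")
        elif fname.endswith(".zip") or data.startswith(b"PK\x03\x04"):
            reasons += [f"{fname}: contains {m}" for m in script_members(data)]
    return reasons

def build_sample():
    """Constructed test message: a ZIP 'invoice' holding an inert .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_scan.pdf.js", "// constructed placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

An empty result from `quarantine_reasons` means only that this one pattern was not found; it does not mean the message is safe to open.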
Upon suspicion
  • Stop Locky: immediately disconnect the affected computer(s) from the network. The best way to do this is to pull out the network connector before files on other computers or on the server are affected.
  • Shut down the affected computer(s). If you are unsure which computers are affected, turn them all off to stop the encryption.
  • Contact your IT technician or supervisor in order to plan further actions.
This is how Locky works
  • Locky gradually encrypts all documents (Word, Excel, etc.), image files and databases, so that the programs can no longer be executed.
  • In the affected folders you will find text files containing the blackmail letter, which demands a ransom paid in Bitcoin (1 Bitcoin = 387 EUR, at today's rate). Decryption upon payment is not guaranteed. The BSI (see below) does not recommend paying.
Precautionary measures
The Federal Office for Information Security (BSI - Das Bundesamt für Sicherheit in der Informationstechnik) has published a guide on the subject. Heise Online - an online German magazine with IT news - quotes reputable sources on this subject. As Locky is usually detected only after 2-3 days, an existing external data backup over several generations is essential. We recommend the following:
  • Check the stability of your data backup and data protection processes with your IT department. Do you have a contingency plan? Is there a backup over several generations?
  • PC CADDIE offers an external data backup service, in a German data center. Here your data is copied, encrypted, and protected in several versions.
    › PC CADDIE://online Cloudbackup
  • If you are not sure what to do, you can schedule a "GolfIT CheckUp" meeting, in which you discuss your IT structure, stability and security with an independent consultant, check your data backup, and finally discuss the conclusions together with your IT staff.
    › PC CADDIE://online GolfIT CheckUp (PDF in German)
Please send us an email if you would like to discuss this with us: support (at) pccaddie-online.de.