New Ransomeware Encrypts files on unmapped shares

Up until now Cryptolocker / ransomware has encrypted local files and files locates on remote machines that are mapped to the infected workstation.

A  new ransomware has been discovered called Locky that encrypts your data using AES encryption and then demands .5 bitcoins to decrypt your files. It targets a large amount of file extensions and even more importantly, encrypts data on unmapped network shares.  Like CryptoWall, Locky also completely changes the filenames for encrypted files to make it more difficult to restore the right data.

Locky is being distributed via email, one method being attaching Word documents containing ATT: Invoice and messages such as “Please see the attached invoice”.

Locky Decrypter Page: