‘Locky’ ransomware campaign

Priority Level: Moderate
26 October 2017

In light of recent publicity about the potential threat of Bad Rabbit ransomware, it’s important to be aware that some longstanding ransomware threats are periodically circulated to Australian internet users. Currently, malicious emails are being sent from numerous fake email addresses. They contain an attachment entitled ‘Invoice_file_26530.doc’ or similar that could infect your computer with Locky. The email simply says:

“Your Invoice is attached. 

If you feel you have received this email in error, please reply to this email to inform us of any necessary corrections.”

Never open attachments from unexpected sources. You can become infected with Locky ransomware if you:

  • have mistakenly opened the attachment;
  • do not carefully consider the information presented to you; and
  • change the default setting of ‘No’ to ‘Yes’.

Stay Smart Online recommends not opening the attachment. If the attachment is opened, the following prompt is displayed:

Image of Microsoft Word pop up showing Locky ransomware attempting to update documents

Stay Smart Online recommends clicking ‘No’. If ‘Yes’ is clicked, a prompt ‘to start the application’ is presented, as shown here:

Image of Microsoft Word asking to start Locky ransomware application

Stay Smart Online recommends clicking ‘No’. If you select ‘Yes’ again, you are likely to install the ransomware on your computer and potentially your network.

What is ransomware?

Ransomware is a type of malicious software (malware) that makes your computer or its files unusable unless you pay a fee. However, we recommend you do not pay the fee, as there is no guarantee you’ll recover your information, and you’ll become a target for more attacks as the criminals know you’re prepared to pay up!

Overseas, there are reports of another ransomware campaign called Bad Rabbit, which is delivered from websites disguised as an Adobe Flash update. Currently, there are no reports of this in Australia, but it is important to be aware of suspicious requests to download files.

What to do if you’ve paid the ransom

If you’ve given your credit card or account details to pay the ransom, contact your financial institution immediately.

How to stay safe

If you receive the Locky ransomware email, delete it immediately. Never open attachments from unexpected sources.

The best way to reduce the impact of a ransomware incident is to create regular backups of your important files.

It is important to be vigilant in combating the threat of ransomware as new types are constantly emerging.

More information

To find out how to avoid ransomware, including the importance of backing up your data, see Stay Smart Online.