The ITS Security team would like to make the campus community aware of a new piece of malware, called “Locky”, that is actively being circulated online.  Locky is part of a new breed of malicious software called ransomware, as its primary purpose is to encrypt or “lock” a user’s files and force the individual to pay a ransom to regain access to their files.  This malware is also doubly dangerous as it not only encrypts all of a user’s files on their local computer, but can also infect files on any networked file share that the user may share with others.

Locky is currently being spread via email as an attached Word document.  When opened, the Word document will initially appear corrupt, but will prompt the user to enable macros in order to see the full content.  While macros are disabled in Word by default, clicking the prompt to enable macros will cause the computer to download and execute the malicious software that is responsible for encrypting all of the files.

Please use caution when opening any attachment received via email if it is unexpected, from a sender unknown to you, or the language or content is suspicious in any other way.  If you receive an attachment that you are unsure of, you may report the content to abuse@memphis.edu for further analysis.  If you do open an attachment that appears to be suspicious or malicious, please contact the ITS Service Desk by phone at (901) 678-8888, via email at umtech@memphis.edu, or your LSP for further assistance.

For additional information regarding malware, phishing, and other online threats, please visit the ITS Security website at http://www.memphis.edu/its/security.