department menu

LOCKY Ransomware Resurfaces

What is it?

LOCKY is a ransomware that was originally release in 2016.  This new version of the LOCKY ransomware uses a Microsoft Word document to infect systems, encrypt them, and hold the user's files for ransom.  The virus utilizes a botnet of zombie computers to coordinate phishing attacks that appear to come from the recipient's multi function printer.  The emails often contain the subject "Scanned image" to trick users in to thinking the messages are legitimately from their printer or scanner.

How does this affect you?

If you receive an email message with the subject line containing the words "Scanned image" and you haven't recently scanned anything, please forward the email to abuse@csusm.edu and delete the email from both your inbox and deleted items folder.  On your personal computers, it is essential to back up any data that you do not want to lose.

How can you protect yourself?

As with all phishing scams, you can follow these steps to ensure that you do not get phished:

  • Do not open emails that were not expecting to receive, and especially do not open attachments
  • If you receive an unsolicited email that seems suspicious, forward it to abuse@csusm.edu or call the Helpdesk at x4790
  • If your computer does get infected, call the Helpdesk immediately or email infosec@csusm.edu

Further Reading: