Locky Ransomware Campaign Targets SMBs

“Locky” Ransomware Campaign Targets SMBs

There is a largescale spam campaign currently targeting small and medium sized businesses, known as Locky. Locky is a ransomware campaign, designed to rename and encrypt file extensions on your machine, forcing you to purchase a decryption key from the perpetrators of this ransomware.

The current Locky ransomware campaign is a spam email with the subject: “FW: INVOICE COPY” which may appear to come from a fake email address at your company. The spam email will include a Zip File as an attachment, which includes the ransomware executable script.

Victims of Locky must open the Zip attachment, download the enclosed file, and agree to run the script in order to be infected with ransomware.

How This Impacts You

Tier1Net customers enrolled in McAfee Email Security are protected from this threat, as McAfee Email Security by default blocks all incoming Zip Files.

Please note that McAfee Email Security Clients may receive a Delivery Notification Email stating that the delivery of “FW:INVOICE COPY” was successfully denied. No further action is required.

If you are not enrolled in McAfee Email Security, please be vigilant as always about suspicious emails with attachments. Never open any Zip files without confirming authenticity with the sender first.

Steps Tier1Net is Taking

Tier1Net is working with McAfee to ensure that all executable scripts are being blocked, as well as Zip attachments.

If you have any questions about the Locky ransomware campaign, please call our office at (781)935-8050.

For more information, please visit:



Leave a Reply

Your email address will not be published. Required fields are marked *


HTML tags are not allowed.