Listers, I'm not sure if you have heard of this ransom-ware called 'Locky'. I'm forwarding this email FYI, its important not to open any attachments with executable files especially if they are unsolicited emails. ​Locky is the worst because the only way out if you don't have backups ​stored elsewhere you are forced to pay a ransom. http://www.symantec.com/connect/blogs/locky-ransomware-aggressive-hunt-victi... Regards Rop ---------- Forwarded message ---------- From: ​​ Wisdom Donkor <wisdom.dk@gmail.com> Date: Thu, Mar 24, 2016 at 11:52 AM Subject: [governance] RANSOMWARE BY NAME LOCKY. Dear All, Yesterday at 2:38pm an employee in one of the organisation in Ghana was attacked by ransomware by name locky, this ransomware was sent in an email with an attachment , the attachment contained an ms-word document with a malicious macro, the locky program was activated when the user clicked "enable editing " after the document was opened, this macro begun an encryption process using a RSA-2048 and AES-128 algorithm, the encryption process targeted the following file extensions *.docx;*.pdf;*.pptx;*.xlsx;*.doc Yesterday Three US hospitals were hit by "locky" as well,The IT systems of Kentucky Methodist Hospital and Chino Valley Medical Center and Desert Valley Hospital, California, were infected with this ransomware, The files cannot be recovered unless the victim has an offline backup to recover from or pays a ransom with bitcoins via the darkweb,the attackers promise to send the private key in a compiled program to decrypt the victim's files after they receive payment. System restore cannot restore files just settings so it will not help in this case. Third-party recovery software cannot recover the encrypted files because the files are not considered as deleted. The previous ransomware by name "cryptolocker" did not rename the files it encrypted so it was possible to recover your files by using the windows "previous version" feature, however "locky" renames all the files it encrypts so that windows cannot index the file's shadow copies to recover them. CERT-GHANA recommends that all users open email attachments with caution especially executable files. Cheers, *WISDOM DONKOR (S/N Eng.)* ICANN Fellow / ISOC Member, IGF Member, Diplo Foundation OGP Working Group Member, Africa OD Working Group Member E-government and Open Government Data Platforms Specialist National Information Technology Agency (NITA) Ghana Open Data Initiative (GODI) Post Office Box CT. 2439, Cantonments, Accra, Ghana Tel; +233 20 812881 Email: wisdom_dk@hotmail.com wisdom.donkor@data.gov.gh wisdom.dk@gmail.com Skype: wisdom_dk facebook: facebook@wisdom_dk Website: www.nita.gov.gh / www.data.gov.gh www.isoc.gh / www.itag.org.gh ____________________________________________________________ You received this message as a subscriber on the list: governance@lists.igcaucus.org To be removed from the list, visit: http://www.igcaucus.org/unsubscribing For all other list information and functions, see: http://lists.igcaucus.org/info/governance To edit your profile and to find the IGC's charter, see: http://www.igcaucus.org/ Translate this email: http://translate.google.com/translate_t