There’s a new variant of the Locky Ransomware infection onthe loose in the Mooresville and Lake Norman area and it looks like it’s worsethan its predecessor. One of our clients received an email with an attachmentregarding a current project (he thought it was legitimate) – the attachment wasactually the Thor variant of the Locky infection and encrypts more than theusual documents, spreadsheets, and pictures – this new variant also encryptedhis Outlook .pst database and his Quickbooks .qbw and .qbb working file andbackup.
If you receive emails with attachments, be very careful inopening them. Look for attachment that appear to be spreadsheets or .pdfdocuments with a secondary extension like budget.xls.vbs or invoice.pdf.js.These are likely to be telltale signs of infectious files.
You can read more at: http://www.bleepingcomputer.com/news/security/locky-ransomware-switches-to-thor-extension-after-being-a-bad-malware/