Protect against the Locky virus

According to recent reports, massive volumes of JavaScript attachments are being spammed out that contain dangerous ransomware.

We recommend taking the following additional precautions to protect your install base:

  • Make sure your mail protection solution is blocking macro-enabled documents and .js scripts
  • Ensure that you have blocked user access to downloading Tor by blacklisting the following URL: www.torproject.org/download/download-easy.html (the Locky virus in particular relies on downloading and installing the Tor browser and some versions may use Tor to contact the command and control servers)
  • Block any items falling under the category of “proxy avoidance” or “anonymizers.”
  • Disable Java in client browsers.
  • And we suggest that access to the following IPs be completely blocked at the firewall:
    • 5.34.183.195
    • 51.254.19.227
    • 185.14.29.188
    • 31.184.197.119
    • 91.219.29.55

Learn more about the Locky virus here