According to recent reports, massive volumes of spam are being sent out with JavaScript attachments that contain dangerous ransomware.
We recommend taking the following additional precautions to protect your install base:
- Make sure your mail protection solution is blocking macro-enabled documents and .js scripts.
- Block user access to the Tor download page by blacklisting the following URL: www.torproject.org/download/download-easy.html (the Locky virus in particular relies on downloading and installing the Tor browser, and some versions may use Tor to contact the command and control servers).
- Block any items falling under the category of “proxy avoidance” or “anonymizers.”
- Disable Java in client browsers.
- Completely block access to the following IPs at the firewall:
  - 5.34.183.195
  - 51.254.19.227
  - 185.14.29.188
  - 31.184.197.119
  - 91.219.29.55
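
The first precaution above, sketched as an added example (not part of the original advisory or of any mail product): a Python check that flags .js and macro-enabled Office attachments by file name. It also looks inside ZIP attachments, which goes beyond what the advisory lists. The extension set, function names and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list (not from the advisory): script files plus the
# macro-enabled Office formats. Legacy .doc/.xls can also carry macros but
# cannot be told apart by name, so they need content inspection instead.
BLOCKED_EXT = (".js", ".jse", ".docm", ".dotm", ".xlsm", ".xltm", ".pptm", ".potm", ".ppsm")

def is_blocked_name(name: str) -> bool:
    # Case-insensitive; trailing dots/spaces are stripped because Windows ignores them.
    return name.lower().rstrip(". ").endswith(BLOCKED_EXT)

def find_blocked_attachments(raw_message: bytes) -> list:
    """Return the names of attachments (or ZIP members) that should be blocked."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        fname = part.get_filename() or "<unnamed>"
        if is_blocked_name(fname):
            hits.append(fname)
            continue
        payload = part.get_payload(decode=True) or b""
        if payload[:4] == b"PK\x03\x04":  # ZIP local-file header, whatever the name says
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                    hits += [f"{fname}!{m}" for m in zf.namelist() if is_blocked_name(m)]
            except zipfile.BadZipFile:
                hits.append(f"{fname}!<unreadable zip>")  # fail closed on a corrupt archive
    return hits

def build_sample() -> bytes:
    """Constructed sample message: a text note, a ZIP holding a .js file, a .docm."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_J-1234.js", "// placeholder text, not a real script")
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment("hello", filename="notes.txt")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="invoice.zip")
    msg.add_attachment(b"placeholder", maintype="application",
                       subtype="octet-stream", filename="Report.DOCM")
    return msg.as_bytes()

if __name__ == "__main__":
    print(find_blocked_attachments(build_sample()))
```

A name-based check like this is only a first filter; a mail gateway would normally quarantine the whole message when the list is non-empty.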