Dear Wisdom, Thank you for the heads-up. Do keep us updated. And congratulations on your MAG membership as well. Best, -Michael __________________ Michael J. Oghia Istanbul, Turkey Journalist & editor 2015 ISOC IGF Ambassador Skype: mikeoghia Twitter <https://www.twitter.com/MikeOghia> *|* LinkedIn <https://www.linkedin.com/in/mikeoghia> On Thu, Mar 24, 2016 at 10:52 AM, Wisdom Donkor <[log in to unmask]> wrote: > Dear All, > > Yesterday at 2:38pm an employee in one of the organisation in Ghana was > attacked by ransomware by name locky, this ransomware was sent in an email > with an attachment , the attachment contained an ms-word document with a > malicious macro, the locky program was activated when the user clicked > "enable editing " after the document was opened, this macro begun an > encryption process using a RSA-2048 and AES-128 algorithm, the encryption > process targeted the following file extensions > *.docx;*.pdf;*.pptx;*.xlsx;*.doc > > Yesterday Three US hospitals were hit by "locky" as well,The IT systems of > Kentucky Methodist Hospital and Chino Valley Medical Center and Desert > Valley Hospital, California, were infected with this ransomware, > The files cannot be recovered unless the victim has an offline backup to > recover from or pays a ransom with bitcoins via the darkweb,the attackers > promise to send the private key in a compiled program to decrypt the > victim's files after they receive payment. > System restore cannot restore files just settings so it will not help in > this case. > > Third-party recovery software cannot recover the encrypted files because > the files are not considered as deleted. The previous ransomware by name > "cryptolocker" did not rename the files it encrypted so it was possible to > recover your files by using the windows "previous version" feature, however > "locky" renames all the files it encrypts so that windows cannot index the > file's shadow copies to recover them. > > CERT-GHANA recommends that all users open email attachments with caution > especially executable files. > > Cheers, > > > > > > *WISDOM DONKOR (S/N Eng.)* > ICANN Fellow / ISOC Member, IGF Member, Diplo Foundation > OGP Working Group Member, Africa OD Working Group Member > E-government and Open Government Data Platforms Specialist > National Information Technology Agency (NITA) > Ghana Open Data Initiative (GODI) > Post Office Box CT. 2439, Cantonments, Accra, Ghana > Tel; +233 20 812881 > Email: [log in to unmask] > [log in to unmask] > [log in to unmask] > Skype: wisdom_dk > facebook: facebook@wisdom_dk > Website: www.nita.gov.gh / www.data.gov.gh > www.isoc.gh / www.itag.org.gh >