Note: “Facebook has said that some of the Nemucod infections spreading over Facebook Messenger are not dropping Locky ransomware on victims’ computers as was initially reported”5 though this is technically possible.
In addition to csirt.sanren.ac.za/posts/160302-rm-locky.html
- Educate users on the new risks – “Stop! Think! Connect…“
- Don’t install/execute unknown browser add-ons / extensions especially from unexpected websites (e..g resulting from clicking on an image in a chat message)
- Revisit and verify backup process, systems, etc.
- Ensure that the latest patches are applied for anti-malware, web and email filtering, etc. products in use