Protection against the Locky Virus
- Make sure your mail protection solution is blocking macro-enabled documents and .js scripts
- Ensure that you have blocked user access to downloading Tor by blacklisting the following URL: https://www.torproject.org/download/download-easy.html (the Locky virus in particular relies on downloading and installing the Tor browser and some versions may use Tor to contact the command and control servers)
- Block any items falling under the category of “proxy avoidance” or “anonymizers.” If you use Web Protection, this can be done by going to “Settings > Web Protection > Protection Policy > [select applicable policy] Edit > Web Security > Proxy Avoidance and Anonymizers > Block”
- Disable Java in client browsers (for more information, see the following links)
And we suggest that access to the following IPs be completely blocked at the firewall:
To learn more about the Locky Virus click Here.