According to recent reports, massive volumes of JavaScript attachments are being spammed out that contain dangerous ransomware. Sonoran recommends taking the following additional precautions to protect yourself:

  • Make sure your mail protection solution is blocking macro-enabled documents and .js scripts
  • Ensure users are blocked from access to downloading Tor by blacklisting the following URL: (the Locky virus in particular relies on downloading and installing the Tor browser and some versions may use Tor to contact the command and control servers)
  • Block any items falling under the category of “proxy avoidance” or “anonymizers.”
  • Disable Java in client browsers (for more information, see the following links)
  • And we suggest that access to the following IPs be completely blocked at the firewall:

You can learn more about the Locky virus here.

Please take a look at some of our technology solutions!  We would love to speak with you.




more similar articles