Locky ransomware: In the second half of 2017, the Locky ransomware re-emerged with a new email distribution campaign. It is said to be one of the biggest malware campaigns after the WannaCry ransomware attack.
Recent reports state that the Locky campaign has sent over 23 million malware emails. The entire distribution campaign hit the US workforce in just 24 hours on August 28.
The emails were sent with subjects such as “please print”, “documents” and “scans”. Researchers at US-based cyber security firm AppRiver discovered this new malware campaign. “Locky ransomware is one of the largest malware campaigns seen in the latter half of 2017,” says the AppRiver team.
The malware payload comes with a hidden zip file which contains a Visual Basic Script (VBS) file. With a single click on the file, it downloads the latest version of Locky ransomware. The recently spotted Lukitus variant encrypts all the files on the infected computer.
Victims of the Locky ransomware are presented with a note demanding 0.5 bitcoin ($2,300). The victims will get a “Locky decryptor”, special software to get their files back.
The attackers are also providing instructions on how to download and install the Tor browser. Besides that, they are providing information on how to buy Bitcoin to ensure victims make the payment. There are alerts about Locky ransomware attacks in India as well. The central government issued an alert on Saturday warning users in India.
According to the Indian Computer Emergency Response Team (ICERT), “spam mails” are suspected of spreading the Locky ransomware.
The agency cautions all users to avoid opening emails with suspicious file attachments. It also advises organizations to update spam block lists and deploy anti-spam solutions.
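
The delivery pattern described above (a zip attachment holding a VBS file, sent under subjects such as “scans”) can be checked at the mail gateway. The following is an added example, not code from AppRiver or ICERT; the function names, the sample message and the script extensions other than .vbs are assumptions made for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lures quoted in the article; extensions beyond .vbs are an assumption.
LURE_SUBJECTS = {"please print", "documents", "scans"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")


def script_members(zip_bytes):
    """Return names of script files inside a zip; [] if not a readable zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]
    except zipfile.BadZipFile:
        return []


def assess(raw_message):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    subject = (msg["Subject"] or "").strip().lower()
    if subject in LURE_SUBJECTS:
        findings.append(f"lure subject: {subject}")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Detect zips by magic bytes, since the attachment name can be misleading.
        if data[:4] == b"PK\x03\x04":
            for name in script_members(data):
                findings.append(f"script in zip {part.get_filename()}: {name}")
    return findings


def build_sample(subject, member_name):
    """Constructed test message: a zip attachment holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "' inert placeholder, not a real script\n")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="scan_0001.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(assess(build_sample("Scans", "invoice.vbs")))
```

A message that produces any finding is a candidate for quarantine; the subject match alone is weak evidence, while a script inside a zip attachment is the stronger signal.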