The Indian government issued a warning about the Locky ransomware attack on September 2, 2017. According to researchers, this ransomware is spreading mainly via massive email spam campaigns that use common subject lines such as “please print”, “documents”, “photo”, “Images”, “scans” and “pictures” in an attempt to trick victims into infecting themselves with Locky. However, the subject text may change in targeted spear-phishing campaigns. Reports indicate that over 23 million such messages have been sent worldwide. It currently demands half a bitcoin, which costs around 1.5 L INR.
The email contains a ZIP attachment with a Visual Basic Script (VBS) file embedded in a secondary ZIP file. The VBS file contains a downloader that contacts the domain “greatesthits[dot]mygoldmusic[dot]com” (please do not visit this malicious website) to download variants of Locky ransomware. Once the ransomware is downloaded, all the files on your computer are encrypted and renamed with a “[.]lukitus” or “[.]diablo6” extension. Hence the latest variant of Locky also goes by the name Diablo6.
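A gateway-style check for the delivery pattern described above (a script inside a ZIP inside a ZIP attachment), given here as an added example that is not part of the original article or of any Logix product. The function names, the verdict policy, the extra script extensions and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Subject lines the article lists for this campaign.
CAMPAIGN_SUBJECTS = {"please print", "documents", "photo", "images", "scans", "pictures"}
# .vbs is from the article; the other script extensions are an assumption.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
MAX_DEPTH = 3                   # do not descend into deeply nested archives
MAX_MEMBER = 10 * 1024 * 1024   # skip oversized inner archives

def find_scripts(data, depth=0, prefix=""):
    """Return (path, depth) for each script in a ZIP; depth > 0 means nested."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for info in archive.infolist():
                name, path = info.filename.lower(), prefix + info.filename
                if name.endswith(SCRIPT_EXTS):
                    hits.append((path, depth))
                elif name.endswith(".zip") and depth < MAX_DEPTH and info.file_size <= MAX_MEMBER:
                    hits += find_scripts(archive.read(info), depth + 1, path + "!")
    except (zipfile.BadZipFile, RuntimeError):
        pass  # corrupt or password-protected archive: keep what was found so far
    return hits

def triage(subject, attachment_name, attachment_bytes):
    """Hypothetical policy: a script inside a nested ZIP is quarantined."""
    scripts = []
    if attachment_name.lower().endswith(".zip"):
        scripts = find_scripts(attachment_bytes)
    nested = any(d > 0 for _, d in scripts)
    subject_match = subject.strip().lower() in CAMPAIGN_SUBJECTS
    if nested or (scripts and subject_match):
        verdict = "quarantine"
    else:
        verdict = "review" if scripts or subject_match else "deliver"
    return {"verdict": verdict, "scripts": scripts, "subject_match": subject_match}

def make_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()

# Constructed sample: harmless placeholder text in a ZIP inside a ZIP.
SAMPLE = make_zip({"scan_001.zip": make_zip({"scan_001.vbs": b"' placeholder"})})
```

Calling `triage("Scans", "scan_001.zip", SAMPLE)` returns a `quarantine` verdict; password-protected inner archives are skipped rather than inspected, so a production filter would need its own policy for those.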
Locky ransomware has already caused much havoc in the past couple of years. Victims have paid more than 25 million dollars in ransom over that period.
How can you protect yourself from Locky ransomware?
A few preventive steps to take before your system is infected:
- Keep a backup of all your files.
- Pay attention to your PC’s behavior.
- Avoid shady sites and use a reliable anti-virus program.
- Be careful when opening new emails from unknown senders.
Logix Infosecurity, a pioneer in email security, anti-threat protection and anti-spoofing, offers advice on preventing (and recovering from) attacks by the latest ransomware. Our valued customers are protected against ransomware threats like Locky by the Logix cloud email security solution with Advanced Threat Protection. Download the following ebook for free to stay safe from such spam email campaigns and the malicious ransomware wrapped within them.