Email-based Locky ransomware re-emerges; India’s CERT issues alert

    After WannaCry and Petya ransomware attacks, prepare yourself for Locky, touted as the largest malware campaign in 2017

    | Updated on: Sep 04 2017, 10:33 IST
    Now, Locky ransomware threat looms over India / AFP PHOTO / DAMIEN MEYER
    Now, Locky ransomware threat looms over India / AFP PHOTO / DAMIEN MEYER (AFP)
    Now, Locky ransomware threat looms over India / AFP PHOTO / DAMIEN MEYER
    Now, Locky ransomware threat looms over India / AFP PHOTO / DAMIEN MEYER (AFP)

    Once considered defunct, Locky ransomware has made a comeback with a strong email distribution campaign. Locky is now being considered as one of the largest malware campaigns of this year.

    The ransomware sent over 23 million emails with the malware to the US workforce in just 24 hours on August 28, reported. It was sent with subjects such as "please print", "documents" and "scans".

    Researchers at US-based cybersecurity firm AppRiver, who discovered the new campaign say it represents "one of the largest malware campaigns seen in the latter half of 2017".

    According to the report, the malware payload was hidden in a zip file containing a Visual Basic Script (VBS) file, which once clicked, will download the latest version of Locky ransomware -- the recently spotted Lukitus variant -- and encrypts all the files on the infected computer.

    Victims are presented with a ransom note demanding 0.5 bitcoin ($2,300) in order to pay for "special software" in the form of a "Locky decryptor" in order to get their files back.

    Instructions on downloading and installing the Tor browser and how to buy Bitcoin are provided by the attackers in order to ensure victims can make the payment.

    Locky rose to prominence in 2016 following a number of high-profile infections and at one point became one of the most common forms of malware in its own right.

    However, Locky's position was later usurped by Cerber, although this sudden resurgence shows that it remains very much a threat, especially as there is not a free decryption tool available to victims, the report said.

    Earlier this year, starting from May there was a sudden influx of coordinated ransomware attacks involving WannaCry, Mamba and Petya, which is an effective wake-up call for businesses around the world.

    Locky ransomware appears to have arrived in India as well, with the central government on Saturday issuing an alert, warning users in the country to stay cautious of it.

    According to the Indian Computer Emergency Response Team (ICERT), "spam mails" are being used to spread the ransomware.

    The agency advised all users to take caution while opening emails and to avoid those with suspicious file attachments as well as advised organisations to deploy anti-spam solutions and update spam block lists.

    Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

    First Published Date: 04 Sep, 10:32 IST
    keep up with tech