Beware of “Locky Ransomware”: Indian government issued alert


The Indian Computer Emergency Response Team (CERT-In) has issued an alert on its website about the new Locky ransomware which spreads through spam emails.

The ransomware, which was considered to be finished, has come back in a new email spam campaign as Locky ransomware. After WannaCry and Petya, it is considered the biggest cyber attack.

“Alert regarding spam spreading Locky ransomware issued today by @IndianCERT…,” Electronics and IT Additional Secretary Ajay Kumar tweeted.

How it works

The ransomware campaign spreads through spam emails containing a malicious ZIP attachment. These ZIP attachments contain a VBScript (Visual Basic Script) file embedded in another ZIP file. The VBScript file contains a downloader that downloads the latest version of Locky from the domain “greatesthits[dot]mygoldmusic[dot]com”.
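An added example, not part of the CERT-In alert or of this article: a mail-gateway style check in Python that opens a ZIP attachment and descends into nested ZIPs looking for script files such as the VBScript downloader described above. The extension list, the depth and size limits, the function names and the sample archives are assumptions made for illustration.

```python
import io
import zipfile

# Script extensions a mail gateway would normally refuse inside archives (assumed list).
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")
MAX_DEPTH = 3                # assumed limit on archive nesting
MAX_MEMBER_BYTES = 10 << 20  # assumed per-member cap, guards against zip bombs


def find_scripts_in_zip(data, depth=0, path=""):
    """Return (member path, depth) for each script file, descending into nested ZIPs."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                name = path + info.filename
                lower = info.filename.lower()
                if lower.endswith(SCRIPT_EXTS):
                    hits.append((name, depth))
                elif lower.endswith(".zip") and depth < MAX_DEPTH:
                    if info.file_size > MAX_MEMBER_BYTES or info.flag_bits & 0x1:
                        continue  # too large or encrypted: leave for manual review
                    hits += find_scripts_in_zip(zf.read(info), depth + 1, name + "!")
    except zipfile.BadZipFile:
        pass  # not a ZIP, or corrupt: nothing to report from this level
    return hits


def should_quarantine(attachment):
    """Flag the attachment if a script is found at any depth, nested archives included."""
    return bool(find_scripts_in_zip(attachment))


def build_zip(members):
    """Build an in-memory ZIP from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: harmless placeholder text, not real malware.
inner = build_zip({"scan_0042.vbs": b"' placeholder, not real script content"})
suspicious = build_zip({"scan_0042.zip": inner})  # script hidden one archive deep
benign = build_zip({"report.txt": b"quarterly numbers"})

if __name__ == "__main__":
    print(find_scripts_in_zip(suspicious), should_quarantine(benign))
```

A scanner that reads only the outer archive listing sees just `scan_0042.zip` in the suspicious sample; the recursive walk is what reports the script at depth 1.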

The ransomware is being distributed with a new file extension called “.diablo6”, according to Malwarebytes research. A new variant adds the extension “.Lukitus” to encrypted files.

Users are instructed to pay a ransom of 0.5 Bitcoin. Victims are instructed to install the Onion Router Network (TOR) browser, which takes users to a decryption service if they pay the ransom.

Please be careful

“Reports indicate that over 23 million messages have been sent in this campaign. The messages contain common subjects like ‘please print’, ‘documents’, ‘photo’, ‘Images’, ‘scans’ and ‘pictures’. However, the subject texts may change in targeted spear phishing campaigns,” the alert, which described severity of the ransomware as “high”, said.

“Among more than 100 countries that were hit by WannaCry (an advanced ransomware attack), India was the third-worst affected,” an Assocham PWC report said.

For more details

http://www.cert-in.org.in/

http://www.cyberswachhtakendra.gov.in/alerts/locky_ransomware.html

 
