The Indian Computer Emergency Response Team (CERT-In) has issued an alert on its website about the new Locky ransomware which spreads through spam emails.
The Ransomware, that was considered to be finished, is came back as new email spam named as Locky Ransomware. After WannaCry and Petya, it is considered as biggest cyber attack.
“Alert regarding spam spreading Locky ransomware issued today by @IndianCERT…,” Electronics and IT Additional Secretary Ajay Kumar tweeted
Alert regarding spam spreading Locky ransomware issued today by @IndianCERT https://t.co/6zBRjRww8k
— Ajay Kumar (@drajaykumar_ias) September 2, 2017
Remain Cybersafe Enjoy Cyberspace
How it works
The ransomware campaign spreads through the help of spam emails containing a malicious ZIP attachment. These zip file attachments contain VB Script (Visual Basic Scripts) embedded in a another zip file. The VB Script file contains a downloader that downloads latest version of Locky from domain “greatesthits [dot] mygoldmusic[dot] com”.
The ransomware is being distributed through a new file extension called “.diablo6”, according to Malwarebytes research. A new variant adds the extension “.Lukitus” to encrypted files.
Users are instructed to pay a ransom of 0.5 Bitcoin. Victims are instructed to install the Onion Router Network (TOR) browser, which takes users to a decryption service if they pay the ransom.
Please be careful
“Reports indicate that over 23 million messages have been sent in this campaign. The messages contain common subjects like ‘please print’, ‘documents’, ‘photo’, ‘Images’, ‘scans’ and ‘pictures’. However, the subject texts may change in targeted spear phishing campaigns,” the alert, which described severity of the ransomware as “high”, said.
“Among more than 100 countries that were hit by WannaCry (an advanced ransomware attack), India was the third-worst affected,” an Assocham PWC report said.
For More details
http://www.cyberswachhtakendra.gov.in/alerts/locky_ransomware.html
Read an interesting story about Apple and Accenture partnership