Locky ransomware’s re-emergence with new email distribution campaign has been touted as one of the largest malware campaigns in the latter half of 2017, the media reported.
The ransomware, once considered almost defunct, sent over 23 million emails with the malware to the US workforce in just 24 hours on August 28, zdnet.com reported.
It was sent with subjects such as “please print”, “documents” and “scans”.
Researchers at US-based cybersecurity firm AppRiver, who discovered the new campaign say it represents “one of the largest malware campaigns seen in the latter half of 2017”.
According to the report, the malware payload was hidden in a zip file containing a Visual Basic Script (VBS) file, which once clicked, will download the latest version of Locky ransomware — the recently spotted Lukitus variant — and encrypts all the files on the infected computer.
Victims are presented with a ransom note demanding 0.5 bitcoin ($2,300) in order to pay for “special software” in the form of a “Locky decryptor” in order to get their files back.
Instructions on downloading and installing the Tor browser and how to buy Bitcoin are provided by the attackers in order to ensure victims can make the payment.
Locky rose to prominence in 2016 following a number of high-profile infections and at one point became one of the most common forms of malware in its own right.
However, Locky’s position was later usurped by Cerber, although this sudden resurgence shows that it remains very much a threat, especially as there is not a free decryption tool available to victims, the report said.
Earlier this year, starting from May there was a sudden influx of coordinated ransomware attacks involving WannaCry, Mamba and Petya, which is an effective wake-up call for businesses around the world.
Locky ransomware appears to have arrived in India as well, with the central government on Saturday issuing an alert, warning users in the country to stay cautious of it.
According to the Indian Computer Emergency Response Team (ICERT), “spam mails” are being used to spread the ransomware.
The agency advised all users to take caution while opening emails and to avoid those with suspicious file attachments as well as advised organisations to deploy anti-spam solutions and update spam block lists.