Is the Locky ransomware getting ready for a massive attack?

Just a few weeks ago Cisco announced that Locky may be getting ready for a massive ransomware spam campaign, after researchers noticed traces of traffic from the hitherto dormant Necurs botnet.


“Locky has been one of the most effective and widespread families of ransomware. At one point during the height of its reign in the ransomware market, Locky was infecting 90,000 victims per day, yielding potentially hundreds of millions of dollars a year”, reads a post published by Cisco.

In recent months, Cisco’s researchers recorded only small malicious spam campaigns (around one thousand messages), which is very unusual compared with the volumes they were typically seeing (hundreds of thousands of Locky spam messages). It is very probable that this is a teaser for what is coming, or perhaps a test campaign.

Currently there are two types of Locky emails, both carrying attachments that infect the system once opened. Notably, one of them, the Double Zipped Locky, also delivers the Kovter Trojan, which keeps operating on the system even after the user pays to have their files decrypted. This is one more reason why paying the ransom can simply be a waste of money.

Campaign 1 - Double Zipped Locky

Campaign 2 - Rar-based Locky

As the Cisco researchers put it: “With both of these campaigns being relatively low volume these could be one offs or indicators of changes to come to the campaigns in the future.”
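Both campaigns above rely on the attachment's container rather than its name: a zip nested inside another zip, or a RAR archive. The following mail-gateway check is an added example (not code from the original post or from Cisco) that parses a raw message, identifies each attachment by its magic bytes instead of its extension, and flags nested archives and RAR files for quarantine. The sample message, sender addresses and file names are constructed placeholders; the attachment contents are harmless dummy bytes.

```python
"""Flag e-mail attachments matching the delivery patterns named above:
an archive nested inside another archive ("double zipped") and RAR archives.
Added example; not code from the original post or from Cisco."""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Magic bytes identify the container regardless of the extension the sender
# chose: a RAR renamed to .zip is still a RAR.
ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06")
RAR_MAGIC = (b"Rar!\x1a\x07\x00", b"Rar!\x1a\x07\x01\x00")  # RAR4, RAR5


def archive_kind(data: bytes):
    """Return 'zip', 'rar' or None based on the leading bytes."""
    if data.startswith(ZIP_MAGIC):
        return "zip"
    if data.startswith(RAR_MAGIC):
        return "rar"
    return None


def zip_nesting_depth(data: bytes, depth: int = 1, limit: int = 5) -> int:
    """Depth of archive nesting: 1 for a plain zip, 2 for a zip inside a zip.
    Recursion stops at `limit` so a deliberately deep chain cannot stall the scanner."""
    if depth >= limit:
        return depth
    deepest = depth
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > 10 * 1024 * 1024:  # skip oversized members
                    continue
                member = zf.read(info)
                if archive_kind(member) == "zip":
                    deepest = max(deepest, zip_nesting_depth(member, depth + 1, limit))
                elif archive_kind(member) == "rar":
                    deepest = max(deepest, depth + 1)
    except zipfile.BadZipFile:
        pass  # not a readable zip; treat as depth reached so far
    return deepest


def scan_message(raw: bytes):
    """Return a list of (filename, reason) findings for one raw RFC 822 message."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        kind = archive_kind(data)
        if kind == "rar":
            findings.append((name, "rar archive attachment"))
        elif kind == "zip":
            depth = zip_nesting_depth(data)
            if depth > 1:
                findings.append((name, f"nested archive (depth {depth})"))
    return findings


def _zip_bytes(entries):
    """Build an in-memory zip from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample_message() -> bytes:
    """Constructed sample: one zip-in-zip, one RAR header carrying a misleading
    .zip name, and one harmless PDF-like attachment. All bytes are placeholders."""
    inner = _zip_bytes({"invoice.txt": b"placeholder content, not malware"})
    outer = _zip_bytes({"invoice.zip": inner})
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "billing@example.invalid"
    msg["To"] = "staff@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(outer, maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(RAR_MAGIC[0] + b"\x00" * 32, maintype="application",
                       subtype="zip", filename="scan.zip")
    msg.add_attachment(b"%PDF-1.4 placeholder", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reason in scan_message(build_sample_message()):
        print(f"QUARANTINE {name}: {reason}")
```

Run stand-alone, the script reports the zip-in-zip and the mislabelled RAR and leaves the PDF alone. Checking magic bytes rather than file extensions is the point: a content filter keyed only on `.rar` or `.zip` names is trivially sidestepped by renaming the attachment.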

If you receive an email from a source you were not expecting or are unsure about:

Do not open the email
Do not open the attachment
Do not open the file inside of the attachment
Delete it immediately

Request our free Anti-Malware guide, which contains simple, useful steps your staff can follow to avoid the most common cyber threats, and quick guidance on what to do once infected.

If you need help or any advice on cyber security, please get in touch: we can help you not only prepare for cyber-attacks but also avoid them.

0117 986 4026 | info@sovisionit.com


Published: Monday, 13 February 2017
Category: Cyber Security
Tags: Cyber security, Ransomware, Data Protection

© Copyrights soVIsion IT 2016. All rights reserved.

Line Business Services Ltd and soVision IT Ltd, Avon House, Avon Mill Lane, Keynsham, Bristol BS31 2UG. Line Business Services Ltd is a Company registered in England No. 5599751. soVision IT Ltd is a Company registered in England No 10714018