The global ransomware epidemic isn’t going to die anytime soon. After WannaCry and Petya, cyber criminals are now spreading the email-based Locky ransomware. The Indian Computer Emergency Response Team (CERT-In) has issued an alert on its website about the new Locky ransomware, which spreads through spam emails. As with WannaCry, the criminals demand payment in the cryptocurrency bitcoin. At the moment, there is no report of how much damage the Locky ransomware has caused in India. So, what is Locky ransomware, how does it spread, and how can we protect our computers from ransomware?
What is Locky ransomware?
Ransomware is a kind of cyber-attack designed to block access to the data on a computer and demand money to unlock it. The Locky ransomware is similar in nature to “WannaCry”, which caused a massive outcry around the world earlier this year. The Indian Computer Emergency Response Team (CERT-In) issued an advisory on Locky ransomware, warning users in India to stay alert. Locky ransomware has been active since last year, and this time around it is back with a new variant. A new ransomware campaign was launched on August 9, and it appears to have started to reach India as well. Cybersecurity company AppRiver said that it has seen over 23 million messages sent in the attack, making it one of the largest malware campaigns seen so far.
How does it work?
The ransomware is being distributed in a variant that uses a new file extension, “.diablo6”, according to Malwarebytes research. A newer variant adds the extension “.Lukitus” to encrypted files. Lukitus is the French word for locking. The ransomware campaign spreads through spam emails containing a malicious ZIP attachment. These ZIP attachments contain Visual Basic Script (VBS) files embedded in a secondary ZIP file. The VBS file contains a downloader leading to the domain “greatesthits[dot]mygoldmusic[dot]com”.
The e-mail messages carry common subjects like “please print”, “documents”, “photo”, “images”, “scans” and “pictures”. If you open these attachments, variants of Locky ransomware will automatically be downloaded onto the computer. You will soon find that the desktop background has been changed to one pointing to an HTM file named “Lukitus[dot]htm”. Users are instructed to pay a ransom of 0.5 Bitcoin, which is equivalent to Rs 1.5 lakh. Victims are instructed to install the Onion Router Network (TOR) browser, which takes users to a decryption service if they pay the ransom.
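The delivery chain described above (a spam e-mail with a ZIP attachment that holds a second ZIP with a VBS file inside) can be checked for at a mail gateway. The following is an added example, not code from CERT-In or any vendor named in this article: the function names, the list of script extensions and the depth and size limits are assumptions, and build_sample() constructs a harmless test message.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")  # assumed set of script types to flag
LURE_SUBJECTS = ("please print", "documents", "photo", "images", "scans", "pictures")
MAX_DEPTH, MAX_MEMBER = 3, 10 * 1024 * 1024  # assumed nesting and member-size limits

def scripts_in_zip(data, prefix, depth=0):
    """Return paths of script files in a ZIP, descending into nested ZIPs."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for info in zf.infolist():
            name, path = info.filename.lower(), prefix + "!" + info.filename
            if name.endswith(SCRIPT_EXTS):
                hits.append(path)
            elif name.endswith(".zip") and depth < MAX_DEPTH and info.file_size <= MAX_MEMBER:
                hits += scripts_in_zip(zf.read(info), path, depth + 1)
    return hits

def inspect_message(raw):
    """Flag a raw e-mail whose ZIP attachments carry script files at any nesting level."""
    msg = message_from_bytes(raw)
    subject = (msg.get("Subject") or "").lower()
    scripts = []
    for part in msg.walk():
        fname = part.get_filename() or ""
        if fname.lower().endswith(".zip"):
            scripts += scripts_in_zip(part.get_payload(decode=True) or b"", fname)
    return {"lure_subject": any(s in subject for s in LURE_SUBJECTS),
            "scripts": scripts, "quarantine": bool(scripts)}

def build_sample():
    """Constructed sample: a harmless text file named .vbs inside a ZIP inside a ZIP."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("scan_001.vbs", "' placeholder text, not a real script\n")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("scan_001.zip", inner.getvalue())
    m = EmailMessage()
    m["Subject"] = "Scans"
    m.set_content("Please see the attached file.")
    m.add_attachment(outer.getvalue(), maintype="application", subtype="zip", filename="scans.zip")
    return m.as_bytes()
```

The subject match is only a hint and is reported separately; the quarantine decision rests on the script file found inside the archive.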
Can we stop the ‘deadly’ Locky ransomware?
There is currently no way to decrypt all those systems without paying a ransom. Researchers have not found a tool that can be used to unlock the infected computers.
How can we protect our computer from ransomware?
Here are some ways to protect your PC from ransomware:
• Back up your files.
• Use an antivirus program.
• Be suspicious of unknown emails and websites.
• Perform regular backups of all critical data stored on your computer.
• Never pay ransom.