As the government’s Computer Emergency Response Team (CERT-In) issued an alert last weekend about the spread of a new ransomware called ‘Locky,’ global cyber security firm Trend Micro on Monday said no incidents involving ‘Locky’ have been reported in India till date.
According to Trend Micro, the ransomware is not likely to be on the scale of ‘Wannacrypt’ and ‘Petya’ ransomware that relied on Microsoft vulnerability in Windows XP. “So far, there haven’t been any cases of Locky ransomware reported in India but we are getting enquiries from customers and Trend Micro’s support team is helping out in resolving them,” Sharda Tickoo, Technical Head, Trend Micro India, said in a statement.
The government said that ransomware ‘Locky’ is spreading through a “massive spam campaign”. According to CERT-In, “spam mails” are being used to spread the ransomware. “It has been reported that a new wave of spam mails are circulating… to spread variants of Locky ransomware. Reports indicate that over 23 million messages have been sent in this campaign,” CERT-In said.
“The message contains common subjects like please print, documents, photo, images, scans and pictures,” it added. The ransomware is known to scramble the contents of a computer or server and demands payment to unlock it “usually by anonymous decentralised virtual currency Bitcoins”. Locky ransomware’s re-emergence is touted as one of the largest malware campaigns in the second half of 2017.
The ransomware, once considered almost defunct, sent over 23 million emails with the malware to the US workforce in just 24 hours on August 28. Victims are presented with a ransom note, demanding 0.5 bitcoin ($2,300) in order to pay for “special software” in the form of a “Locky decryptor” in order to get their files back.
“We are trying to build a ransomware strategy with two best practices – first is to start with fortifying email defence mechanisms and second is to delete the VB or Java Script if it is not used in machines. There are certain secure configurations which are unnecessary and not running, should be blocked,” Tickoo informed.