dogloose

Late on Saturday, the government issued an alert on the spread of Locky[1], a type of ransomware[2] with which attackers encrypt (lock) files on affected computers and then demand payment from the victims in exchange for unlocking those files. The Indian Computer Emergency Response Team (CERT-In), an arm of the Ministry of Electronics and Information Technology, advised residents of India, as well as Indian companies and corporate houses, to look out for suspicious emails with file attachments, the common method attackers are using to spread Locky. CERT said that a massive email campaign (in which more than 23 million messages have been sent) is underway to trick people into installing Locky ransomware via emails.

CERT[3] advised people not to click on emails with subjects like "please print", "documents", "photo", "Images", "scans" and "pictures." It noted, however, that attackers may, and likely will, change their strategy and use other kinds of messages in the subject line of their emails. In general, just avoid clicking on any suspicious email. "The messages contain 'zip' attachments with Visual Basic Scripts (VBS) embedded in a secondary zip file. The VBS file contains a downloader which polls to domain 'greatesthits[dot]mygoldmusic[dot]com' (please do not visit this malicious website) to download variants of Locky ransomware," CERT wrote in the notification.
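The delivery pattern CERT describes (a zip attachment holding a second zip that holds a VBS file) can be checked at a mail gateway. The sketch below is an added example, not code from CERT-In or from this article; the `!` path separator, the depth and size limits, and the sample archives are assumptions constructed for illustration.

```python
import io
import zipfile

# Subject lines listed in the CERT-In alert quoted above.
ALERT_SUBJECTS = {"please print", "documents", "photo", "images", "scans", "pictures"}
SCRIPT_EXTS = (".vbs",)              # the alert names Visual Basic Scripts
MAX_DEPTH = 3                        # assumption: stop after three nested archives
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumption: skip members declared larger than 10 MiB


def find_scripts(data, depth=0, prefix=""):
    """Return paths of script files in a zip, descending into nested zips."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a readable zip: nothing to report
    with archive:
        for info in archive.infolist():
            name = info.filename.lower()
            path = prefix + info.filename
            if name.endswith(SCRIPT_EXTS):
                hits.append(path)
            elif (name.endswith(".zip") and depth < MAX_DEPTH
                  and info.file_size <= MAX_MEMBER_BYTES):
                try:
                    inner = archive.read(info)
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    continue  # encrypted or unsupported member: cannot inspect
                hits += find_scripts(inner, depth + 1, path + "!")
    return hits


def triage(subject, attachment_name, attachment_bytes):
    """Flag a message by subject and by script files inside its zip attachment."""
    subject_match = subject.strip().lower() in ALERT_SUBJECTS
    is_zip = attachment_name.lower().endswith(".zip")
    scripts = find_scripts(attachment_bytes) if is_zip else []
    # Subjects change between campaigns, so only the archive content drives quarantine.
    return {"subject_match": subject_match, "scripts": scripts, "quarantine": bool(scripts)}


def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used only for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a harmless placeholder .vbs inside a secondary zip, and a benign zip.
SAMPLE = make_zip({"scan_001.zip": make_zip({"scan_001.vbs": b"' placeholder"})})
BENIGN = make_zip({"notes.txt": b"hello"})
```

Because the alert expects the subject lines to change, the subject match is reported only as supporting context and the quarantine decision rests on the archive contents.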

Locky is one of the most popular types of ransomware, and among the first to have made a global impact. The first incidents of attacks with Locky were reported early last year, but then other kinds of ransomware such as Petya and WannaCry became more prevalent. Last month, security firms Symantec, MalwareBytes, Comodo and others reported a resurgence of Locky ransomware in cyber attacks.

Last month, MalwareBytes reported on two new variants of Locky ransomware including the ones that...

Read more from our friends at NDTV/Gadgets