The Indian Computer Emergency Response Team, also known as CERT-In, has issued a new alert on its website about the Locky ransomware. The new ransomware spreads through emails and, according to a report from Trend Micro, there have not been any major incidents involving it at this moment.
The global ransomware epidemic is not going to die out anytime soon. Ransomware is now more common than any other type of computer malware. Not just Windows systems: Linux and Mac systems can also be affected by different strains of ransomware. Locky works similarly to the previous two ransomware strains that affected thousands of users, WannaCry and Petya. Both of these encrypted the user's files and demanded a ransom, with the money demanded in Bitcoins.
Ransomware mostly targets businesses because most large organizations pay the ransom instead of going through the hassle of decrypting files manually. But for consumers and end users, this can be quite a hassle.
How Does Locky Work?
Locky spreads by email. The email messages carry common subjects like “please print”, “documents”, “photo”, “images”, “scans” and “pictures”. If you open the attachments, variants of Locky ransomware will automatically be downloaded onto the computer. You will soon find that the desktop background has been changed to one showing an HTM file named “Lukitus[dot]htm”. Users are instructed to pay a ransom of 0.5 Bitcoin, which is equivalent to Rs 1.5 lakh. Victims are instructed to install the Onion Router Network (TOR) browser, which takes users to a decryption service if they pay the ransom.
According to Malwarebytes, the ransomware is being distributed through a new file extension called “.diablo6”. A new variant adds the extension “.Lukitus” to encrypted files. Lukitus is the French word for locking. The ransomware campaign spreads with the help of spam emails containing a malicious ZIP attachment. These ZIP attachments contain Visual Basic Scripts (VBS) embedded in a secondary ZIP file. The VBS file contains a downloader leading to the domain “greatesthits[dot]mygoldmusic[dot]com”.
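The delivery chain described above (a script inside a ZIP inside a ZIP attachment) can be checked for at the mail gateway. The sketch below is an added example, not code from CERT-In, Malwarebytes or the article; the function names, the extra script extensions besides .vbs, and the depth and size limits are assumptions, and the sample archives are constructed.

```python
import io
import zipfile

# Subjects quoted in the article; script extensions other than .vbs are an assumption.
LURE_SUBJECTS = {"please print", "documents", "photo", "images", "scans", "pictures"}
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")
MAX_DEPTH = 3                    # assumed nesting limit
MAX_MEMBER = 10 * 1024 * 1024    # assumed per-member size cap (zip-bomb guard)

def find_scripts(data, depth=0, prefix=""):
    """Return archive paths of script files, following ZIPs nested inside ZIPs."""
    hits = []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = prefix + info.filename
            if info.filename.lower().endswith(SCRIPT_EXTS):
                hits.append(path)
                continue
            if info.is_dir() or info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                continue         # directory, encrypted, or too large to inspect
            if depth < MAX_DEPTH:
                # Members are probed by content, so a renamed inner ZIP is still followed.
                hits.extend(find_scripts(zf.read(info), depth + 1, path + "!"))
    return hits

def triage(subject, attachment):
    """Quarantine when a ZIP attachment carries a script at any nesting depth."""
    scripts = find_scripts(attachment)
    return {
        "lure_subject": subject.strip().lower() in LURE_SUBJECTS,
        "scripts": scripts,
        "quarantine": bool(scripts),
    }

def _zip(members):
    """Build an in-memory ZIP from {name: bytes} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()

# Constructed samples: a harmless placeholder script in a ZIP inside a ZIP, and a clean archive.
NESTED = _zip({"scan_001.zip": _zip({"scan_001.vbs": b"' placeholder, not real code"})})
CLEAN = _zip({"report.txt": b"quarterly numbers"})

if __name__ == "__main__":
    print(triage("Scans", NESTED))
    print(triage("Meeting notes", CLEAN))
```

The subject match is reported only as a supporting signal, since those subjects are also common in legitimate mail; the quarantine decision rests on the archive contents.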
How to Stay Safe from Locky?
There is no specific way to stay safe from any kind of ransomware. Since ransomware directly affects user data, backing up frequently is the most important way to stay safe. For Windows users, tools to prevent ransomware are present in Windows itself. Unless it’s zero-day malware, Windows 10 can take care of most threats, thanks to Windows Defender. New features such as Controlled Folder Access prevent ransomware from accessing user data in the first place.
Users of Windows’ default protection (Defender) or any other third-party anti-malware solution should always keep it updated. It has to be noted that there is no way back once you are infected with ransomware. Also, users should stay away from not-so-popular anti-malware solutions. Users can further use UAC, or User Access Control, to improve security.
Users also need to be extra careful when opening unknown emails. If you are using an email client such as Outlook, make sure that your antivirus program scans all your emails.
Source: The Indian Express