After the world was jolted by a series of coordinated ransomware epidemics in May 2017, including the likes of Wannacry, Mamba, and Petya, cyber criminals are now targeting their victims through a new email-based ‘Locky’ ransomware campaign.
The Indian Computer Emergency Response Team (ICERT) has issued a notification on its website about the ransomware, which spreads through spam emails with subject lines like “pictures”, “please print”, “photo”, “images”, “documents,” and “scans”.
According to Malwarebytes, cyber criminals have been demanding half a bitcoin, which roughly comes to $2,300, for the “Locky Decryptor” to get their files back.
Cybersecurity firm AppRiver stated that around 23 million messages have already been circulated in this campaign, making it one of the largest malware campaigns to date.
ICERT’s alert stated, “Systems affected by Locky Ransomware are encrypted by random numbers with extensions [dot] lukitus or [dot] diablo6. Victims are instructed to install the Onion Router Network (TOR) browser, which takes them to a decryption service if they pay the ransom note.” It added, “The severity of the ransomware is indicated to be ‘high’.”
CERT-In added, “Users have been advised to exercise caution while opening emails, and organizations have been advised to deploy anti-spam solutions and update spam block lists.”
Global cyber security firm Trend Micro said on Monday that no incidents in India have been reported to date. It also added that the severity of the ransomware is not likely to be on the scale of ‘Wannacrypt’ and ‘Petya,’ which relied on loopholes in Microsoft XP.
Sharda Tickoo, Technical Head, Trend Micro India, said in a statement that ransomware strategies needed to be developed keeping in mind two approaches: first, to fortify email defense mechanisms, and second, to prevent unnecessary programs such as VB and JavaScript from running on machines where they are not used.
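The two approaches above can be turned into a concrete gateway rule. The following Python is an added example, not code from CERT-In, Trend Micro, or the article: it triages incoming mail using the indicators the page gives (the campaign subject lines and script attachment types), and separately flags files on a host that carry the `.lukitus` or `.diablo6` extensions the alert names. The specific script extensions, the sample messages and the sample file listing are constructed assumptions.

```python
"""Mail-gateway triage and host-side check for the Locky campaign described above.

Added example. The subject lines, the .lukitus/.diablo6 extensions and the
advice about VB/JavaScript come from the article; every other value here is
a constructed assumption.
"""
import os
from dataclasses import dataclass, field
from typing import Dict, List

# Spam subject lines listed in the CERT-In alert (compared in lower case).
CAMPAIGN_SUBJECTS = {"pictures", "please print", "photo", "images", "documents", "scans"}

# Script types Trend Micro advises not to run; this extension list is an assumption.
SCRIPT_EXTENSIONS = {".vbs", ".js"}

# Extensions the alert says Locky appends to encrypted files.
LOCKY_EXTENSIONS = {".lukitus", ".diablo6"}


@dataclass
class Message:
    sender: str
    subject: str
    attachments: List[str] = field(default_factory=list)


def _ext(name: str) -> str:
    # Lower-cased extension including the dot ("" when there is none).
    return os.path.splitext(name)[1].lower()


def triage(msg: Message) -> Dict[str, object]:
    """Return a verdict and the reasons behind it.

    'quarantine' when a campaign subject line coincides with a script
    attachment, 'review' when only one indicator fires, 'deliver' otherwise.
    A lone subject match is weak (a genuine "scans" mail is common), so both
    signals are required before mail is held automatically.
    """
    reasons: List[str] = []
    if msg.subject.strip().lower() in CAMPAIGN_SUBJECTS:
        reasons.append(f"campaign subject line: {msg.subject!r}")
    scripts = [a for a in msg.attachments if _ext(a) in SCRIPT_EXTENSIONS]
    if scripts:
        reasons.append(f"script attachment(s): {scripts}")
    if len(reasons) == 2:
        verdict = "quarantine"
    elif reasons:
        verdict = "review"
    else:
        verdict = "deliver"
    return {"verdict": verdict, "reasons": reasons}


def find_locky_files(paths: List[str]) -> List[str]:
    """Host-side check: paths whose extension matches what the alert names."""
    return [p for p in paths if _ext(p) in LOCKY_EXTENSIONS]


def summarize(messages: List[Message]) -> Dict[str, int]:
    """Count verdicts so a gateway dashboard can show campaign volume."""
    counts: Dict[str, int] = {"quarantine": 0, "review": 0, "deliver": 0}
    for m in messages:
        counts[str(triage(m)["verdict"])] += 1
    return counts


# Constructed sample traffic, not captured data.
SAMPLE_MESSAGES = [
    Message("unknown@example.invalid", "please print", ["docs.vbs"]),
    Message("colleague@example.invalid", "scans", ["invoice.pdf"]),
    Message("partner@example.invalid", "Q3 figures", ["figures.xlsx"]),
    Message("unknown@example.invalid", "Re: agenda", ["agenda.js"]),
]

# Constructed listing; the encrypted names are random-looking, as the alert describes.
SAMPLE_LISTING = [
    "C:/Users/alice/Documents/report.docx",
    "C:/Users/alice/Documents/0F1E2D3C-4B5A6978-1234ABCD-5678EF90.lukitus",
    "C:/Users/alice/Pictures/9A8B7C6D-5E4F3A2B-1C0D9E8F-7A6B5C4D.diablo6",
    "C:/Users/alice/Desktop/notes.txt",
]


if __name__ == "__main__":
    for m in SAMPLE_MESSAGES:
        print(m.subject, "->", triage(m))
    print("encrypted files:", find_locky_files(SAMPLE_LISTING))
    print(summarize(SAMPLE_MESSAGES))
```

The quarantine rule deliberately requires both indicators; a subject-only or attachment-only hit is routed to a reviewer rather than dropped, which keeps the false-positive rate tolerable while the block lists the alert recommends are being updated. The host-side check is a cheap first signal for incident response: a single file with one of these extensions on a share is worth isolating the writing machine before anything else.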
At the moment, there is no way to decrypt the infected systems without paying the ransom; researchers at cyber security firms are yet to find a way to unlock them.