Locky Ransomware: CERT-In Issues Alert

The Indian government on Saturday issued an alert on the spread of a new malware named ‘Locky Ransomware’. “Alert regarding spam spreading Locky Ransomware issued today by @IndianCERT…,” Electronics and IT Additional Secretary Ajay Kumar tweeted.

What is Locky?

Locky is one of the most popular ransomware families, and among the first to have made a global impact. The first Locky attacks were reported early last year, but other kinds of ransomware such as Petya and WannaCry then became more prevalent. Recently, security firms including Symantec, Malwarebytes and Comodo reported a resurgence of Locky ransomware in cyber attacks.

CERT-In warned:

A massive email campaign, in which more than 23 million messages have been sent, is underway to trick people into installing Locky ransomware via emails. The messages contain common subjects like “please print”, “documents”, “photo”, “Images”, “scans” and “pictures”.

“The messages contain ‘zip’ attachments with Visual Basic Scripts (VBS) embedded in a secondary zip file.” The VBS file contains a downloader which polls the domain ‘greatesthits[dot]mygoldmusic[dot]com’ (please do not visit this malicious website) to download variants of Locky ransomware.

Advice to users

“Users are advised to exercise caution while opening emails and organisations are advised to deploy anti-spam solutions and update spam block lists,” the alert stated.
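
A mail filter can check for the pattern the alert describes: a lure subject plus a zip attachment that carries a VBS file inside a second zip. The Python below is an added example, not part of the CERT-In alert; the function names, the nesting limit of three, the sample message and the assumption that archives are unencrypted are all illustrative choices.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject keywords listed in the CERT-In alert, lower-cased for matching.
LURE_SUBJECTS = ("please print", "documents", "photo", "images", "scans", "pictures")


def find_scripts(data: bytes, depth: int = 0, max_depth: int = 3) -> list:
    """Return paths of .vbs files in a zip, following nested zips (depth cap assumed)."""
    if depth >= max_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith(".vbs"):
                hits.append(info.filename)
            elif name.endswith(".zip"):
                inner = find_scripts(zf.read(info), depth + 1, max_depth)
                hits += [f"{info.filename}!{p}" for p in inner]
    return hits


def inspect_message(raw: bytes) -> dict:
    """Report the subject lure and any scripts found inside zip attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").lower()
    scripts = []
    for part in msg.iter_attachments():
        scripts += find_scripts(part.get_payload(decode=True) or b"")
    return {"lure_subject": any(k in subject for k in LURE_SUBJECTS), "scripts": scripts}


def _zip(name: str, content: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, content)
    return buf.getvalue()


def build_sample() -> bytes:
    """Constructed sample: a harmless text file named .vbs, zipped twice."""
    msg = EmailMessage()
    msg["Subject"] = "Scans"
    outer = _zip("inner.zip", _zip("scan_001.vbs", b"' constructed placeholder\n"))
    msg.add_attachment(outer, maintype="application", subtype="zip", filename="scans.zip")
    return msg.as_bytes()
```

A non-empty `scripts` list is the stronger signal for quarantine; the subject match alone will also hit ordinary mail.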