Locky Ransomware: Top 10 things you must know
Locky is a ransomware family that first appeared in 2016, but it has caught on again in 2017, signalling that the global ransomware epidemic is far from over. Locky is the third major ransomware to hit India, and CERT-in (Computer Emergency Response Team) has issued a warning. But what is Locky all about, and how can computer users safeguard their machines and their money from this vicious ransomware? Read on to know more about the latest ransomware on the scene.
1. How It Works
Locky ransomware is delivered by an email that purports to be an invoice seeking payment, with an attached Microsoft Word document containing malicious macros. When the user opens the document, it appears to be filled with nonsense along with the phrase "enable macro if data encoding fails". This social engineering tactic exists only to get the unsuspecting user to enable macros; once enabled, the macro runs a binary that downloads a Trojan, which encrypts your files and demands a ransom to unlock them.
2. The Ransom Demanded
The filenames are converted to a 16-character combination of numbers and letters with the file extension .locky (hence the name). After encryption, the message displayed on the user's desktop gives instructions to download the Tor browser and visit a criminal-operated website for further details. The website contains instructions demanding payment of 0.5 to 1 bitcoin (equivalent to around 500 to 1000 Euros through a bitcoin exchange). The criminals hold the private key needed to decrypt the files on remote servers they control.
3. From WannaCry to Locky: Causing a Hue and Cry?
Petya, WannaCry and now Locky: ransomware of this kind is a cyberattack designed to block access to the data on a computer and demand money to unlock it. Like WannaCry, Locky has achieved the dubious distinction of being the subject of a CERT-in advisory. Active since last year, this ransomware has returned with a fresh variant.
4. Old Wine in New Bottle
The Locky ransomware was relaunched on August 9, 2017 and has penetrated India as well. With over 23 million messages sent in the attack, this is the largest malware campaign of its kind. The ransomware is distributed through a new variant identified by the file extension .diablo6, which adds the extension .Lukitus to encrypted files; this is the French word for locking.
5. How It Spreads
The ransomware campaign spreads through spam mails carrying a malicious zip attachment. These zip files contain a VBS (Visual Basic Script) file embedded in a secondary zip file. The VBS script then contacts a particular domain.
The email messages carry subjects like "please print", "scans" and "pictures". If these attachments are opened, a variant of the ransomware is downloaded onto the computer. The desktop background changes to one showing an HTM file named Lukitus.htm. Victims have to install the Tor (The Onion Router) browser to access the decryption service and pay the ransom.
6. How to Combat the Ransomware
Currently, there is no known method to decrypt the files without shelling out the ransom. Researchers have not found a tool that unlocks infected computers.
7. How to Protect Your PC
However, preventative steps can be taken to protect the PC from ransomware: back up your data, use an antivirus program, and be wary of suspicious websites and emails. Never pay the ransom.
8. Backups: The Antidote to Locky
Keeping regular, offsite backups is the cure for ransomware, as it is for other disasters like fire, flood, theft, a dropped laptop or an accidental wiping of data. Backups can save you from a dangerous situation.
9. When Macros Are Malicious: How to Prevent Getting Locked Out!
Another important tip is never to enable macros in document attachments received via email. Microsoft turned off automatic execution of macros by default many years ago as a security measure. Malware will try to persuade you to turn it back on. Don't fall prey to it.
10. Distribution Method: How to Nip Locky in the Bud
Many different distribution methods for Locky have been used since the ransomware was released. These comprise Word and Excel attachments, exploit kits, macros, DOCM attachments and zipped JS attachments. On February 16, 2016 and in the period immediately after, attackers scaled their distribution up to millions of users. Despite this, Google Trends data indicated that infections dropped off. But the ransomware has seen a resurgence in recent times. So watch out for this tricky ransomware that makes you pay for your data and is a cybercriminal's master stroke.
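The delivery patterns described in sections 5 and 10 (a zip carrying a VBS or JS script, sometimes inside a second nested zip, or a macro-enabled DOCM attachment) can be screened for at a mail gateway before the attachment ever reaches a user. The following is an added example written for this article, not code from the article or any product; the sample attachments are constructed in memory, and the extension lists and nesting limit are assumptions.

```python
# Added example (not from the article): flag mail attachments matching the
# Locky delivery patterns in sections 5 and 10, i.e. a zip carrying a VBS/JS
# script directly or inside a second nested zip, or a macro-enabled document.
import io
import zipfile

SCRIPT_EXTS = (".vbs", ".js", ".jse", ".wsf")   # assumed script extensions
MACRO_DOC_EXTS = (".docm", ".xlsm")             # assumed macro-enabled docs
MAX_DEPTH = 2  # zip inside zip, as described for the Lukitus campaign

def risky_members(data: bytes, depth: int = 0) -> list:
    """Names of script or macro-document members in a zip blob, recursing into
    nested zips; nested hits are prefixed with the outer member name."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings  # not a zip (or corrupt): nothing to inspect here
    with zf:
        for name in zf.namelist():
            lower = name.lower()
            if lower.endswith(SCRIPT_EXTS + MACRO_DOC_EXTS):
                findings.append(name)
            elif lower.endswith(".zip") and depth < MAX_DEPTH:
                inner = risky_members(zf.read(name), depth + 1)
                findings.extend(f"{name}/{m}" for m in inner)
    return findings

def should_quarantine(filename: str, data: bytes) -> bool:
    """Gateway policy: hold macro-enabled documents outright and any zip that
    carries a script or macro document at any nesting level."""
    lower = filename.lower()
    if lower.endswith(MACRO_DOC_EXTS):
        return True
    return lower.endswith(".zip") and bool(risky_members(data))

def build_zip(members: dict) -> bytes:
    """Constructed helper: build an in-memory zip from {name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples mirroring the article: a "scans" zip with a second zip
# inside that holds the VBS downloader, and a benign zip with a picture.
NESTED_SAMPLE = build_zip({"please print.zip": build_zip({"scan_0001.vbs": b"' constructed stub"})})
BENIGN_SAMPLE = build_zip({"pictures/holiday.jpg": b"\xff\xd8\xff\xe0 constructed"})
```

Running `should_quarantine("scans.zip", NESTED_SAMPLE)` returns True because the VBS file is found one level down, while the benign picture archive is allowed through.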