Cyber security analysts have revealed a new, ongoing attack against users around the world that delivers different variants of Locky Ransomware. The malicious campaign is currently delivered through a botnet identified as “Necurs”, which uses spam email attachments. The updated version of Locky Ransomware is able to encrypt the files and data stored on outdated Windows XP and Vista systems. According to security researchers, the cyber extortionists regularly change their strategies, at times preferring newer file-encrypting viruses such as Jaff ransomware. Malicious spam email campaigns are one of the main methods cyber criminals use to spread such malware. As usual, various distribution strategies can be employed:
- Email messages that use social engineering tactics to manipulate victims into infecting their systems through attached files or links to malware files.
- In most cases, the spam emails contain legitimate-looking graphics and use links or text that imitate real notices. Windows users are then misled into interacting with those emails by downloading the attached file or clicking on the link provided.
- Spreading fake software installers, scripts and documents to predefined targets. The latest version of Locky Ransomware invades the targeted Windows machine only after the user downloads the needed file.
This time, the attackers are using the Necurs botnet to spread email messages that carry the malicious payload of the updated Locky Ransomware, and the mails are sent through compromised domains and malicious servers. The people responsible for this attack spread randomly generated PDF files. These files ask users to enable the built-in scripts, and the same strategy is used for MS Word files. The ransomware seeks to encipher a wide range of targeted file types, including databases, documents, backups, archives, media files, etc. It is not surprising to see Locky Ransomware make such a grand return all of a sudden. It is believed that the people running the Necurs botnet have close ties to the creation of the updated Locky virus.
One thing is clear: the operators behind Locky Ransomware are very keen on distributing the malware right now. The main reason this file-encrypting virus affects only Windows XP and Vista users is that its creators rushed the deployment of this new malicious spam campaign. Any computer running Windows 7 or later is equipped with a tool named “Data Execution Prevention”, which prevents the installation of ransomware threats, including the latest Locky virus. More specifically, the new spam email campaign accounts for 7.2% of global spam email. The payload is propagated via emails with a malicious attachment in the form of a ZIP file. However, rest assured that this spam email campaign will claim quite a number of victims in the process.
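The delivery path described above (ZIP attachments, plus PDF and Word files that ask the user to enable scripts) can be screened before a message reaches the inbox. The following Python triage function is an added example, not part of the original article or of any vendor tool; its marker lists, size limit and sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed heuristics (not from the article): PDF names and file extensions that signal active content.
PDF_MARKERS = (b"/JavaScript", b"/OpenAction", b"/Launch", b"/EmbeddedFile")
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf", ".hta", ".exe", ".scr")

def inspect_blob(name, data, depth=0):
    """Return the reasons, if any, to quarantine one attachment."""
    findings = []
    if name.lower().endswith(SCRIPT_EXTS):
        findings.append(f"{name}: script or executable file")
    if data.startswith(b"%PDF"):
        hits = [m.decode() for m in PDF_MARKERS if m in data]
        if hits:
            findings.append(f"{name}: PDF with active content {hits}")
    elif data.startswith(b"PK") and depth < 3:  # ZIP, including OOXML Word files
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    inner = f"{name}!{info.filename}"
                    if info.flag_bits & 0x1:  # cannot be inspected without the password
                        findings.append(f"{inner}: encrypted archive member")
                    elif info.filename.endswith("vbaProject.bin"):
                        findings.append(f"{name}: Office document with VBA macros")
                    elif info.file_size <= 10_000_000:  # skip oversized members
                        findings += inspect_blob(inner, zf.read(info), depth + 1)
        except zipfile.BadZipFile:
            findings.append(f"{name}: malformed ZIP")
    return findings

def triage(raw_message):
    """Inspect every attachment of an RFC 5322 message given as bytes."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    return [f for part in msg.iter_attachments()
            for f in inspect_blob(part.get_filename() or "unnamed", part.get_payload(decode=True) or b"")]

def build_sample():
    """Constructed message: a ZIP attachment holding an inert PDF-like blob."""
    pdf = b"%PDF-1.4\n1 0 obj << /OpenAction 2 0 R >> endobj\n2 0 obj << /S /JavaScript >> endobj\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf", pdf)
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="scan_001.zip")
    return msg.as_bytes()
```

Substring matching on PDF names is a heuristic: names can be hex-escaped or sit inside compressed object streams, so a clean result is inconclusive rather than a pass.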