Indian Government Warns against Locky Ransomware’s Dissemination

The Indian Computer Emergency Response Team has cautioned on September 2 that people need to be vigilant of a ransomware called Locky spreading through e-mail. The team states that the ransomware proliferates via junk e-mails for violating server security as well as demands bitcoin as payment of ransom for getting people's data unlocked.

At present, according to the warning, Locky is circulating via more than 23m e-mails that show ordinary subjects such as "documents," "please print," "images," "photo," "pictures" and "scans." Moreover, there are zip attachments to the e-mails having Visual Basic Scripts (VBS) implanted within one secondary zipped archive. There is one downloader inside the VBS document that connects with a domain namely 'greatesthits[dot]mygoldmusic[dot]com' for taking down Locky variants. It's suggested people don't go to that particular malicious online site.

By ransomware it means malevolent software while Locky, a well known ransomware, is reportedly asking payments of one-half Bitcoin that currently is equivalent to INR 1.5 lakhs and more.

Same as the earlier technique of distribution, the above campaign using Microsoft Word yet again depends on macros. Seemingly, Microsoft is especially concerned about these macros ever since cyber-criminals have discovered certain technique for using them for running code soon as any document closes. The technique continues to depend upon execution of a macro inside Microsoft's Word program, with end-users yet again requiring towards activating macros so that the technique succeeds. Nevertheless, there is no connection of the same with content display, since the Word file itself shows data. Themerkle.com posted this, September 3, 2017.

Cyber-criminals in attempts to target end-users are distributing spam messages having web-links leading onto phony Dropbox websites that would disseminate Locky variants. Consequently, the CERT warns that end-users should act carefully when viewing e-mails while organizations should deploy anti-spam software as well as make spam block series up-to-date.

The Indian CERT had formerly released one advisory cautioning people of Locky during 2016. Same year during August, Ravi Shankar Prasad, Information Technology Minister had said in the Lok Sabha of Indian parliament that according to a CERT-In report, during 2014 to 2017, 65 ransomware hacks had occurred, Mint reported.

» SPAMfighter News - 9/8/2017