Another ‘Aggressive’ Locky ransomware campaign launched with 20 million attacks in a single day.
Barracuda Advanced Technology Group (BATG) has identified an ‘aggressive’ Locky ransomware threat launched in about 20 million attacks on its very first day, and the campaign appears to have only just begun.
On Tuesday BATG stated that it was ‘actively monitoring an aggressive ransomware threat that appears to come in the largest volume from Vietnam,’ while the number of attacks was rapidly ‘growing.’ According to the blog post, India, Colombia, Greece, and Turkey are other prominent targets of the attackers, but the volume of attacks in these regions is comparatively low.
In their blog post, it was revealed that the attacks were initially launched as a generic email and later as a ‘Herbalife’ brand email impersonating a ‘copier file delivery’ notice. However, researchers identified another email from the same campaign that took a different approach: its subject line read “Emailing –” followed by the name of the attached file, such as “Emailing — 10008009158.”
Reportedly, around 6,000 fingerprints have been discovered, suggesting that the attacks are generated automatically from a template that can randomize portions of the files. The payload file and the domain names used to download secondary payloads change continually, probably to evade anti-virus software.
Moreover, BATG researchers have found a variant of Locky ransomware with a single identifier, which means that even if the ransom is paid the victim won’t receive a decryption key to reclaim the encrypted data.
BATG researchers also noted that the malware checks the language files on the victim’s computer, so it can be speculated that this mechanism is embedded in order to produce a more ‘internationalized version’ of this attack later on.
It seems like Locky ransomware is back in action: we recently reported on a campaign discovered by security firm AppRiver in which the attackers managed to launch 23 million attacks. In that campaign too, the infected attachments were delivered to unsuspecting users across the United States through emails with a simplistic subject line that read ‘Download it Here’ followed by the sender’s name.
Therefore, we believe that attackers are now upping their game by leveraging Locky ransomware and launching malicious attachments in millions of emails at once. Keep visiting this space for more on this aggressive ransomware threat.
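To turn the lures described in both campaigns into something a mail administrator can check for, here is an added example (not code from Barracuda, AppRiver or this article) that screens constructed mail-gateway records for the ‘Emailing –’, ‘Download it Here’ and ‘copier file delivery’ subject lines; the list of risky attachment extensions is an assumption for illustration, not something the article states.

```python
import re

# Constructed sample mail-gateway records (not from the article): subject, sender, attachment name.
SAMPLE_MAIL = [
    {"subject": "Emailing - 10008009158", "from": "Herbalife <[email protected]>", "attachment": "10008009158.zip"},
    {"subject": "Download it Here Alice Smith", "from": "Alice Smith <[email protected]>", "attachment": "invoice.7z"},
    {"subject": "Copier file delivery", "from": "Herbalife <[email protected]>", "attachment": "scan_0001.vbs"},
    {"subject": "Re: lunch on Friday?", "from": "Bob <[email protected]>", "attachment": None},
    {"subject": "Emailing - 123", "from": "Carol <[email protected]>", "attachment": "report.pdf"},
]

# Subject patterns from the campaigns described above; the dash may be a hyphen, en dash or em dash.
SUBJECT_PATTERNS = [
    re.compile(r"^Emailing\s*[-\u2013\u2014]\s*\d+$", re.I),  # "Emailing - 10008009158"
    re.compile(r"^Download it Here\b", re.I),                  # AppRiver campaign subject
    re.compile(r"copier file delivery", re.I),                 # Herbalife impersonation lure
]

# Assumed list of archive/script extensions worth flagging; ordinary documents are not counted.
RISKY_EXT = {".zip", ".7z", ".rar", ".js", ".vbs", ".wsf", ".jse", ".hta"}


def classify(msg):
    """Return the reasons this message matches the campaign profile (empty list if clean)."""
    reasons = []
    subject = msg.get("subject", "")
    for pat in SUBJECT_PATTERNS:
        if pat.search(subject):
            reasons.append(f"subject matches {pat.pattern!r}")
            break
    attachment = msg.get("attachment") or ""
    ext = attachment[attachment.rfind("."):].lower() if "." in attachment else ""
    if ext in RISKY_EXT:
        reasons.append(f"risky attachment type {ext}")
    # A subject match on a benign document alone is noisy; require both signals before flagging.
    return reasons if len(reasons) == 2 else []


def flagged(messages):
    """Subjects of all messages that match both the subject lure and a risky attachment."""
    return [m["subject"] for m in messages if classify(m)]


if __name__ == "__main__":
    for subject in flagged(SAMPLE_MAIL):
        print("FLAGGED:", subject)
```

Run it against real gateway exports by replacing SAMPLE_MAIL with the parsed records; the two-signal rule keeps the lone subject match on a PDF from being reported.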