• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • December 9th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Cyber Crime » Massive Locky Ransomware Strain Hits US with Over 23 Million Emails

Massive Locky Ransomware Strain Hits US with Over 23 Million Emails

September 1st, 2017 Waqas Cyber Crime, Malware, Security 0 comments
Massive Locky Ransomware Strain Hits US with Over 23 Million Emails
Share on FacebookShare on Twitter

Cybercriminals are becoming more and more skilled regarding technological advancement and sophisticated planning techniques. The latest ransomware campaign is a true case of how hackers can trap users and cause widespread damage by simple tweaking of an already lethal malware.

According to security experts at AppRiver, the notorious Locky ransomware is back in action with utmost evilness. In the latest campaign attackers have sent out malicious Locky ransomware via a whopping 23 million infected emails.

AppRiver has posted a sample email that shows how effortlessly attackers managed to affect so many devices at once. The email has just a single sentence “download it here” and the sender’s name while the subject line is also chosen randomly from a standard list. There are simple terms used in the whole email such as documents, images, photos, pictures, and scans while ‘please print’ is the most complex phrase.

Massive Locky Ransomware Strain Hits US with Over 23 Million Emails

Sample email (Credit: AppRiver)

The attackers have tried to benefit from the naivety and unsuspicious nature of a large number of internet users. When one is launching ransomware to 23 million potential targets, then the campaign is bound to claim some victims. Those who did fell prey to this trap had to pay a considerable sum to regain access to their files, which at the time of this writing was about .5 Bitcoin (more than $2300) for a single device. You can easily imagine if there were even one or two thousand compromised devices out of the 23 million then the attackers would have easily made a few million dollars.

[q]Do not open unknown and/or spam emails[/q]

The latest attack is quite dangerous. The malware traffic outrage started on Monday at around 7 a.m. CST, exactly when workers in the US arrive at offices. They were welcomed by malicious, ‘extremely vague’ emails sitting in their inboxes, stated AppRiver security research manager Troy Gill.

The email contained a ZIP file attachment, which was a VBS (Visual Basic Script) file. Inside this attachment was another ZIP file. When the user clicked this second file, a downloader was executed, and the modified version of Locky was unleashed via “greatesthits[dot]mygoldmusic[dot com]” stated the AppRiver post.

[fullsquaread][/fullsquaread]

Once downloaded, Locky ransomware starts encrypting entire data on the infected device and adds [.]lukitus to them. When encryption stage is completed, the attackers change computer’s desktop background with another image on which the instructions for decryption are noted and an HTML file named “Lukitus[dot]htm” is uploaded. Unsurprisingly, the victim is asked to install TOR browser first and then sent a Darkweb link for paying the demanded ransom. When the payment is received, the victim is redirected to decryption service.

A post from AppRiver informed that the campaign was launched all across the US earlier this week and it is reportedly one of the largest ransomware attacks in 2017’s second half. It is worth noting that ransomware remains the biggest cyber-threat since 2016 and its intensity has only increased over time with a 600% increase in ransomware attacks in comparison to last year. Last year Locky was the dominating malware while this year the top slot has been claimed by Cerber variants so far until Locky made a full throttle come back recently.

According to Gill, the attacks haven’t subsided or stopped yet, as per the post, AppRiver detected over 5.6 million messages on Monday and still there is no information about any method to reverse the Locky ransomware strain.

Therefore, to help out the users, AppRiver suggest regular updating of their computers’ software and hardware with security patches so that all the flaws and vulnerabilities are fixed timely, and ransomware or other malware exploits are prevented. In this regard, automatic software updates are your best bet, but you can also customize settings to get the newest updates regularly.

Moreover, it is important to install email and web protection software too so that ransomware is prevented from entering the network. Lastly, creating data backup always works because it lets you restore your important data and you are spared from paying such hefty sum to cyber criminals.

  • Tags
  • Cyber Attack
  • Cyber Crime
  • hacking
  • internet
  • Locky
  • Malware
  • Ransomware
  • security
Facebook Twitter Google+ LinkedIn Pinterest
Previous article Hacker Charged for Crashing Businesses Using Millions of Mirai botnet
Next article DailyStormer comes back with Albanian domain; gets booted off
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism.

Related Posts
New privacy tool exposes which website leaves your data unprotected

New privacy tool exposes which website leaves your data unprotected

New Linux vulnerability puts VPN connections at risk of hijacking

New Linux vulnerability puts VPN connections at risk of hijacking

5 things you should never do when using anonymous operating systems

5 things you should never do when using anonymous operating systems

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
New privacy tool exposes which website leaves your data unprotected
Privacy

New privacy tool exposes which website leaves your data unprotected

1573
New Linux vulnerability puts VPN connections at risk of hijacking
Privacy

New Linux vulnerability puts VPN connections at risk of hijacking

962
5 things you should never do when using anonymous operating systems
Security

5 things you should never do when using anonymous operating systems

1486
Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns
Surveillance

Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns

14588

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us