Locky is one of the most active ransomware viruses on the Internet. Recently, the virus received a new “.odin” extension and started a massive spam campaign. Our prediction that the recent spike in spam would bring more Locky was accurate. Here’s all we know about the new wave of the ransomware infection.
Locky Ransomware Virus Up-Close
The virus is distributed through spam emails, most likely sent with the help of Necurs, an infamous botnet. The malware researchers from myonlinesecurity have published samples of the spammed emails. Here are a few titles from the infected emails:
- Your Debit Card is temporarily blocked
- Bill for documents
- Clients accounts
- Document No [Insert Random Number]
The Locky infected emails contain malicious .ZIP files. Spreading ransomware through archives is a staple of this type of malware.
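As an added example (not from the original article or the researchers it cites), here is a mail-gateway triage check in Python that flags a message when its subject matches one of the titles listed above and it carries a real ZIP archive, identified by content rather than by filename. The function names, the quarantine rule and the sample messages are assumptions constructed for illustration.

```python
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from io import BytesIO

# Subject lines listed in the article; the last one carries a random number.
SUBJECT_PATTERNS = [re.compile(p, re.I) for p in (
    r"^your debit card is temporarily blocked$",
    r"^bill for documents$",
    r"^clients accounts$",
    r"^document no\.?\s*\d+$",
)]

def zip_attachments(msg):
    """Return the member-name list of every attachment that really is a ZIP."""
    found = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Trust the bytes, not the filename or the declared MIME type.
        if zipfile.is_zipfile(BytesIO(data)):
            with zipfile.ZipFile(BytesIO(data)) as zf:
                found.append(zf.namelist())
    return found

def triage(raw: bytes) -> dict:
    """Hypothetical rule: quarantine on known subject plus ZIP attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip()
    subject = re.sub(r"^((re|fw|fwd):\s*)+", "", subject, flags=re.I)
    subject_hit = any(p.match(subject) for p in SUBJECT_PATTERNS)
    archives = zip_attachments(msg)
    return {"subject_hit": subject_hit, "zip_members": archives,
            "quarantine": subject_hit and bool(archives)}

def build_sample(subject: str, with_zip: bool) -> bytes:
    """Constructed test message; the archive holds only a harmless text file."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("I attached the clients' accounts for your next operation.")
    if with_zip:
        buf = BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("placeholder.txt", "constructed sample, not malware")
        # Mislabelled on purpose to show the content-based check.
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="octet-stream", filename="accounts.dat")
    return msg.as_bytes()
```

Subject matching alone is brittle because the titles change from campaign to campaign; the archive check is the more durable half of the rule.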
The emails have a generic look to them. Here’s an example:
Dear [victim’s name]
I attached the clients’ accounts for your next operation.
Please look through them and collect their data. I expect to hear from you soon.
VP Finance & Controller
Tel.: (843) 407-90-57
Dangerous Mail Spam
The emails are made to look business-related, so their target will open them. Locky often targets businesses and hospitals. Work-related data is worth more, thus victims are more likely to pay up. Data encrypted by Locky remains encrypted, and there’s no easy way to restore it. Sometimes paying the crooks is cheaper than losing the encrypted material.
Ransomware isn’t the only threat lurking in these emails. The included telephone number could also be used for malicious purposes. People who are foolish enough to call it can be scammed. The cost of these calls is very high, and the scammer on the other end of the line will try to squeeze out additional data. This can be very dangerous if the victim is naïve enough to give personal or credit card information.
All the alleged senders, amounts, reference numbers, bank codes, companies, names of employees, employee positions, email addresses and phone numbers mentioned in the emails are random. Some of these companies will exist and some won’t. Don’t try to respond by phone or email; all you will do is end up with an innocent person or company who have had their details spoofed and picked at random from a long list that the bad guys have previously found.
Locky Ransomware Virus Remains a Problem
Locky continues to be a threat ten months after it first surfaced on the Web. Some ransomware viruses get decrypted within a week. Locky is very active. The virus has many forms and extensions, and it’s constantly evolving. Given the recent wave of spam, users should be extra vigilant about their digital letterbox.