The latest ransomware technique has affected millions and shows no sign of slowing down.
A cybersecurity firm, Barracuda Advanced Technology Group (BATG), has recently identified a new ransomware. The ransomware, called Locky, has already launched an estimated 20 million attacks, all within its first day.
BATG confirmed this past Tuesday that it was monitoring this latest ransomware very closely. So far, the majority of attacks have targeted users in Vietnam, and the number of attacks has been growing rapidly. Other countries affected include India, Colombia, Greece, and Turkey.
According to BATG’s blog post, attacks are launched using a generic email that impersonates the Herbalife brand. The email claims to be a “copier file delivery.” Researchers have also come across a different email that installs the same ransomware. The second email uses “Emailing –” followed by the name of the attached file as its subject line.
Approximately 6,000 different fingerprints have been found, which confirms the suspicion that the attacks are generated automatically from a template. This template randomizes portions of the infected files. The payload files, as well as the domain names from which users download them, are changed routinely, which allows the ransomware to evade antivirus software.
BATG researchers have also confirmed that there is a variant of Locky. This variant uses a single identifier, which means that even if a victim gives in and pays the ransom, the victim will not receive the decryption key needed to recover the lost data.
BATG researchers also uncovered that the malware is able to check the language of files on an infected device. This has led researchers to speculate that the malware has an embedded mechanism that would allow it to produce a more internationalized version in the future.
Locky ransomware has been in circulation for some time now. A previous campaign, uncovered by the security firm AppRiver, launched over 23 million attacks in a short amount of time. During that campaign, victims received infected email attachments, and the attack was aimed mostly at users in the United States. The infected email had a simple design that prompted the reader to “Download it Here”; the download, in turn, would compromise the device in question.
This latest attack appears to be a more sophisticated descendant of the previous one. Until researchers fully understand the ramifications of this attack, all users are warned to be cautious when opening emails with dubious attachments.