comscore CERT-In issues alert on 'Locky' ransomware spreading in India

CERT-In issues alert on 'Locky' ransomware spreading in India

Locky ransomware spreads through malicious email attachments, and encrypts your files.

  • Published: September 3, 2017 10:32 AM IST

This year saw a sudden influx of ransomware starting with WannaCry in May, following which Mamba, Petya and Locky also made surprise visits. New variants of Locky ransomware had started targeting users a week back, and appear to have arrived in India as well. The Indian Computer Emergency Response Team (CERT-In) has now issued an alert for Locky ransomware warning users in India to stay cautious of it. Also Read - Poco M2 Pro to go on sale today on Flipkart at 12PM: Price in India, offers, specifications

Also Read - OnePlus Nord gets new OxygenOS update with stability improvements

Also Read - Xiaomi Mi Beard Trimmer gets listed on Flipkart with price ahead of today's launch

CERT-In advises all users to take caution while opening emails and to avoid those with suspicious file attachments. Organizations are also asked to use anti-spam solutions on their systems and update their spam block lists. In addition to this, the basic practices of installing certified anti-virus software on your system and updating it regularly is also advised. CERT-In has listed a set of measures to take in the wake of Locky ransomware.

Locky ransomware was released in 2016, and follows the same path of taking hold of your system, encrypting your files and demanding ransom to unlock it. Locky ransomware spreads through zip attachments sent via emails. These attachments contain Visual Basic Scripts (VBS) embedded in the zip file inside which, a downloader leading to the domain greatesthits[dot]mygoldmusic[dot]com . If you open the attachments and visit this website, variants of Locky ransomware will be downloaded to your system. ALSO READ: Government issues alert on new ransomware Locky

Once Locky ransomware enters your system, all files will be encrypted and the names will be changed with extensions .lukitus or .diablo6 . Earlier the encrypted files on the system would be shown with the extension .locky . Post encryption, the desktop background on your system will be changed to one showing an htm file titled Lukitus.htm which contains instructions on how to pay the ransom amount. ALSO READ: New variants of Locky ransomware observed: eScan

As per reports, the attackers are demanding ransom between .5 to 1 Bitcoin which amounts to over Rs 2 lakh. In addition to the malicious mail attachments, it is said that Locky ransomware is spreading through fake dropbox sites as well. These pages when viewed on Chrome or Firefox browsers will show a popup notification with the alert you don t have the HoeflerText font . Clicking on the notification will download an update to your system which actually contains infected JavaScript (.js) file. ALSO READ: After WannaCry, Mamba and Locky ransomware return to India

For the latest tech news across the world, latest PC and Mobile games, tips & tricks, top-notch gadget reviews of most exciting releases follow BGR India’s Facebook, Twitter, subscribe our YouTube Channel.
  • Published Date: September 3, 2017 10:32 AM IST

new arrivals in india

Best Sellers