CERT-In issues alert on 'Locky' ransomware spreading in India | BGR India

CERT-In issues alert on 'Locky' ransomware spreading in India

Locky ransomware spreads through malicious email attachments, and encrypts your files.

  • Published: September 3, 2017 10:32 AM IST

This year saw a sudden influx of ransomware starting with WannaCry in May, following which Mamba, Petya and Locky also made surprise visits. New variants of Locky ransomware had started targeting users a week back, and appear to have arrived in India as well. The Indian Computer Emergency Response Team (CERT-In) has now issued an alert on Locky ransomware, warning users in India to stay cautious.

CERT-In advises all users to exercise caution while opening emails and to avoid those with suspicious file attachments. Organizations are also asked to use anti-spam solutions on their systems and update their spam block lists. In addition, the basic practices of installing certified anti-virus software on your system and updating it regularly are also advised. CERT-In has listed a set of measures to take in the wake of Locky ransomware.

Locky ransomware was released in 2016, and follows the same path of taking hold of your system, encrypting your files and demanding a ransom to unlock them. Locky ransomware spreads through “zip” attachments sent via email. These attachments contain Visual Basic Scripts (VBS) embedded in the zip file, inside which is a downloader that leads to the domain “greatesthits[dot]mygoldmusic[dot]com”. If you open the attachments and visit this website, variants of Locky ransomware will be downloaded to your system.

Once Locky ransomware enters your system, all files will be encrypted and renamed with the extension “.lukitus” or “.diablo6”. Earlier, encrypted files on the system were shown with the extension “.locky”. After encryption, the desktop background on your system will be changed to one showing an “htm” file titled “Lukitus.htm”, which contains instructions on how to pay the ransom amount.

As per reports, the attackers are demanding a ransom of between 0.5 and 1 Bitcoin, which amounts to over Rs 2 lakh. In addition to the malicious mail attachments, it is said that Locky ransomware is spreading through fake Dropbox sites as well. These pages, when viewed in the Chrome or Firefox browsers, will show a popup notification with the alert – “you don’t have the HoeflerText font”. Clicking on the notification will download an update to your system which actually contains an infected JavaScript (.js) file.
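
An added example, not from CERT-In's advisory or the original article, that checks for the indicators described above: script files (.vbs, .js) inside a zip attachment, and the encrypted-file extensions and ransom note name left behind after infection. The function names, file names and sample data are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Indicators named in the article
SCRIPT_EXTS = {".vbs", ".js"}                        # script types used as downloaders
ENCRYPTED_EXTS = {".lukitus", ".diablo6", ".locky"}  # extensions given to encrypted files
RANSOM_NOTE = "lukitus.htm"                          # ransom instructions file (compared lowercase)

def script_members(zip_bytes):
    """Return names of script files inside a zip attachment without extracting it."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = zf.namelist()  # reads the central directory only
    except zipfile.BadZipFile:
        return []  # not a readable zip; leave it to other mail checks
    # .suffix is the last extension, so "invoice.pdf.vbs" still counts as a script
    return [n for n in names if PurePosixPath(n.lower()).suffix in SCRIPT_EXTS]

def locky_artifacts(paths):
    """Sort a file listing into encrypted-file hits and ransom-note hits."""
    hits = {"encrypted": [], "ransom_note": []}
    for p in paths:
        name = PurePosixPath(p.replace("\\", "/")).name.lower()
        if name == RANSOM_NOTE:
            hits["ransom_note"].append(p)
        elif PurePosixPath(name).suffix in ENCRYPTED_EXTS:
            hits["encrypted"].append(p)
    return hits

def make_sample_zip():
    """Build a constructed, harmless zip in memory to exercise script_members()."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Scan_0001.pdf.vbs", "' constructed placeholder, no real script")
        zf.writestr("readme.txt", "constructed sample")
    return buf.getvalue()

# Constructed file listing, as might come from a directory walk on a suspect host
SAMPLE_PATHS = [
    r"C:\Users\a\Documents\A1B2C3.lukitus",
    r"C:\Users\a\Documents\budget.xlsx",
    r"C:\Users\a\Desktop\Lukitus.htm",
    "/srv/share/old/D4E5F6.diablo6",
]

if __name__ == "__main__":
    print("script members:", script_members(make_sample_zip()))
    print("artifacts:", locky_artifacts(SAMPLE_PATHS))
```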
