Ransomware is the latest weapon used by criminals in cyber warfare. While security analysts repeatedly try to curb the spread of such malicious code, hackers take it to the next level with newer versions. Now, security firm eScan has observed deadlier variants of one of the most widely distributed ransomware families, called Locky.
Locky ransomware, as the name suggests, tricks you into downloading a malicious attachment, which then takes over your computer’s data and locks it down, that is, encrypts it for ransom. Hackers send an attachment composed of scrambled, unreadable text with a title asking users to enable macros (for Microsoft Word) to make the content readable. Once a user does that, the ransomware is executed. It renames all important files with .locky as the extension and renders them inaccessible until a ransom of 0.25-1 Bitcoin is paid.
The firm further warns that unlike WannaCry, there is no kill switch for Locky ransomware, and files can be accessed only after the ransom is paid. It may be recalled that WannaCry ransomware was stopped after 23-year-old cyber expert Marcus Hutchins accidentally discovered a kill switch. However, it was recently reported that WannaCry ransomware has again found its way into 200 systems in Delhi.
To counter Locky ransomware, eScan suggests that law enforcement agencies and security researchers may try to gain access to the command and control server and provide decryption keys. Meanwhile, administrators can take preventive measures to thwart the attack by blocking all executable files from being transmitted via email. They can also isolate the infected system from the network and restore the encrypted files on affected systems from a backup or from a system restore point. Users, on the other hand, should not enable macros in documents, while organizations should deploy and maintain a backup solution.
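The administrator measure above (blocking executables sent by email), combined with the macro-document lure described earlier, can be expressed as a mail-gateway check. The following Python is an added example, not eScan's tooling or anything from the original report; the function names, the blocklist and the sample message are assumptions made for illustration, and legacy binary `.doc` files would need a dedicated OLE parser that is not shown here.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklist: executable/script types plus macro-enabled Office formats.
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".wsf", ".docm", ".xlsm"}

def attachment_verdict(filename, payload):
    """Return the reason an attachment should be blocked, or None to allow it."""
    ext = os.path.splitext((filename or "").lower())[1]
    if ext in BLOCKED_EXT:
        return f"blocked extension {ext}"
    if payload[:2] == b"MZ":  # PE/DOS header: an executable whatever its name says
        return "Windows executable header"
    if payload[:4] == b"PK\x03\x04":  # ZIP container, which includes OOXML documents
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                if any(n.lower().endswith("vbaproject.bin") for n in zf.namelist()):
                    return "Office document contains a VBA macro project"
        except zipfile.BadZipFile:
            return "unreadable archive"
    return None

def scan_message(raw):
    """Map each blocked attachment's filename to the reason it was blocked."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        reason = attachment_verdict(part.get_filename(), part.get_payload(decode=True) or b"")
        if reason:
            findings[part.get_filename()] = reason
    return findings

def build_sample():
    """Constructed message: macro-bearing .docx, PE stub named .pdf, harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        zf.writestr("word/vbaProject.bin", b"\x00")
    msg = EmailMessage()
    msg["Subject"] = "Invoice (constructed sample)"
    msg.set_content("Enable macros to make the content readable.")
    for name, data in (("invoice.docx", buf.getvalue()),
                       ("report.pdf", b"MZ\x90\x00stub"), ("notes.txt", b"plain text")):
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

Checking content as well as the filename matters because a renamed executable or a macro project inside a `.docx` passes an extension-only filter.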