New variants of Locky ransomware observed: eScan | BGR India

New variants of Locky ransomware observed: eScan

Locky ransomware spreads by sending malicious attachments over email and locking down or encrypting important data.


Ransomware is the latest weapon used by criminals in cyber warfare. While security analysts repeatedly try to curb the spread of such malicious code, hackers take it to the next level with newer versions. Now, security firm eScan has observed deadlier variants of one of the widely distributed ransomware strains, called Locky.

Locky ransomware, as the name suggests, tricks you into downloading a malicious attachment which then takes over your computer’s data and locks it down or encrypts it for ransom. Hackers send an attachment composed of scrambled, unreadable text with a title asking users to enable macros (for Microsoft Word) to make the content readable. Once a user does that, the ransomware is executed; it renames all important files with .locky as the extension and renders them inaccessible until a ransom of 0.25-1 Bitcoin is paid.

eScan researchers have now discovered that there are two new variants of Locky ransomware which add .diablo6 or .lukitus as file extensions to the infected files. The firm further warns that spam emails might contain attachments, including JavaScript files, MS Office documents, etc. which could be designed to download or install the malware on your system.

The firm further warns that, unlike WannaCry, there is no kill switch for Locky ransomware, and files can be accessed only after the ransom is paid. It may be recalled that the WannaCry ransomware was stopped after 23-year-old cyber expert Marcus Hutchins accidentally discovered a kill switch. However, it was recently reported that WannaCry ransomware has again found its way into 200 systems in Delhi.

To keep users from falling prey to Locky ransomware, eScan suggests that law enforcement agencies and security researchers may try to gain access to the command and control server and provide decryption keys. Meanwhile, administrators can take preventive measures to thwart the attack by blocking all executable files from being transmitted via email. They can also isolate the infected system in the network, and restore the encrypted files from backup or from a system restore point on affected systems. Users, on the other hand, should not enable macros in documents, while organizations could deploy and maintain a backup solution.
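To act on the advice to isolate an infected system, an administrator first has to find it. The sketch below is an added example, not code from eScan or the article: it flags hosts that rename several files to the extensions named above within a short window. The log format, host names, threshold and window are assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from pathlib import PureWindowsPath

# Extensions the article attributes to Locky and its two new variants.
LOCKY_EXTENSIONS = {".locky", ".diablo6", ".lukitus"}

# Constructed sample data in a hypothetical "time host RENAME old -> new" format.
SAMPLE_LOG = r"""
2017-08-24T10:00:01 WS-014 RENAME C:\Users\a\Q3 report.docx -> C:\Users\a\A1B2C3.lukitus
2017-08-24T10:00:02 WS-014 RENAME C:\Users\a\budget.xlsx -> C:\Users\a\D4E5F6.LUKITUS
2017-08-24T10:00:03 WS-022 RENAME C:\Temp\notes.txt -> C:\Temp\notes.bak
2017-08-24T10:00:04 WS-014 RENAME C:\Users\a\photo.jpg -> C:\Users\a\0718AB.lukitus
2017-08-24T10:05:00 WS-031 RENAME C:\Lab\sample.bin -> C:\Lab\sample.diablo6
"""

def parse(log):
    """Yield (timestamp, host, new_path) for each RENAME line."""
    for line in log.strip().splitlines():
        ts, host, action, rest = line.split(" ", 3)
        if action == "RENAME":
            _old, new = rest.split(" -> ", 1)  # paths may contain spaces
            yield datetime.fromisoformat(ts), host, new

def hosts_to_isolate(log, threshold=3, window=timedelta(seconds=60)):
    """Map host -> time at which it reached `threshold` renames to a
    Locky extension inside one sliding `window`."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, host, new in sorted(parse(log)):
        # Case-insensitive match on the final extension only.
        if PureWindowsPath(new).suffix.lower() not in LOCKY_EXTENSIONS:
            continue
        times = recent[host]
        times.append(ts)
        while ts - times[0] > window:  # drop renames older than the window
            times.popleft()
        if len(times) >= threshold:
            alerts.setdefault(host, ts)  # keep the first alert time per host
    return alerts

if __name__ == "__main__":
    for host, when in hosts_to_isolate(SAMPLE_LOG).items():
        print(f"isolate {host}: mass rename to Locky extension at {when}")
```

A single matching rename (WS-031 in the sample) stays below the threshold, which keeps one-off files with a coincidental extension from triggering isolation.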

  • Published Date: August 24, 2017 4:38 PM IST