Locky is known as the new ransomware family which appeared a few weeks ago and already made a progress in its activity.
According to security researchers, Locky has turned into a commonly seen type of ransomware, which is used to hold a computer’s files hostage pending a ransom payment.
The security experts claim that 18% of 4 million spam messages they collected in the last week were ransomware-related, lots of these linked to Locky.
“We are currently seeing extraordinary huge volumes of JavaScript attachments being spammed out, which, if clicked on by users, lead to the download of a ransomware,” the security researcher Rodel Mendrez said.
Locky ransomware is distributed through spam messages which have been sent through the same botnet used to send the online banking malware Dridex.
Initially, the spam messages contained malicious Microsoft Word documents with macros which would download Locky. However, currently the latest Locky emails contain an obfuscated JavaScript file, which downloads the ransomware as soon as it’s executed.
“We believe the change to JavaScript is to evade antimalware products due to its obfuscation and small size, which suggests the file is benign,” the security expert from McAfee said.
A security vendor analyzed the statistics collected by its software between Feb. 17 and March 2, 2016. The software detects when ransomware connects to command-and-control servers used by cyber-criminals to manage the malware.
According to the software, about 16.4% of 18 million communications it detected were for Locky infections, with the rest belonging to two of the most popular ransomware families – CryptoWall and TeslaCrypt.
“As predicted, Locky already covers a big chunk of the infections,” the senior antivirus analyst Roland Dela Paz stated. “Most of the Locky infections appear to be in the U.S., France and Japan”, he added.
According to the FBI, Locky ransomware has become one of the biggest threats to consumers and businesses. Despite the fact that some ransomware writers made mistakes in their code early on, there’s usually no way to recover the files unless the decryption key is released.
Usually, the demanded ransom is a few hundred dollars, and detailed instructions are displayed to victims for how to pay in bitcoin.
Considering the malicious threats nowadays, security specialists advise users backing up their files to recover from a ransomware attack and ensuring that the backup drive is safe.
