Security experts have warned of a new threat based on Locky ransomware, called Zepto. Over the past four days, Zepto malware has been delivered in approximately 140,000 spam messages. The new threat carries the capabilities of Locky ransomware, which could make it one of the more dangerous encryption lockers in circulation.
According to Cisco’s malware researcher Warren Mercer, the team found 3305 unique samples among the spam haul.
“[Spamming operations] began Monday 27 June with approximately 4000 emails being caught within our email security appliances,” Mercer said.
“The user was tricked with various subject lines as shown below and with various sender profiles such as ‘CEO’ or ‘VP of Sales’ to further encourage the user.”
“The body of the emails were generally urging the user to look at their ‘requested’ documentation.”
The names of the attached malicious zip files were based on the victim’s email address, an underscore, and a random number.
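As an added illustration (not part of the original report or of Cisco's tooling), here is a hypothetical mail-gateway triage check that flags a message when a zip attachment is named after the recipient's own address plus an underscore and digits, or when the sender display name is a generic executive title such as "CEO" or "VP of Sales"; the messages below are constructed samples.

```python
from __future__ import annotations
import re
from email.utils import parseaddr

# Hypothetical triage helper matching the attachment naming described in the
# article: "<victim's email address>_<random number>.zip". Sample messages are
# constructed for illustration, not real captures.
SUSPICIOUS_DISPLAY_NAMES = {"ceo", "vp of sales"}

def matches_zepto_naming(recipient: str, filename: str) -> bool:
    """True if the zip is named <recipient address>_<digits>.zip (case-insensitive)."""
    addr = parseaddr(recipient)[1].lower()
    name = filename.strip().lower()
    prefix = addr + "_"
    if not addr or not name.startswith(prefix):
        return False
    # Prefix comparison (not a regex split) so underscores inside the address still match.
    rest = name[len(prefix):]
    return re.fullmatch(r"\d+\.zip", rest) is not None

def triage(msg: dict) -> list[str]:
    """Return the reasons a message resembles this spam wave (empty list = clean)."""
    reasons = []
    for attachment in msg.get("attachments", []):
        if matches_zepto_naming(msg["to"], attachment):
            reasons.append(f"zip attachment named after recipient: {attachment}")
    display_name = parseaddr(msg.get("from", ""))[0].strip().lower()
    if display_name in SUSPICIOUS_DISPLAY_NAMES and msg.get("attachments"):
        reasons.append(f"generic executive sender name with attachment: {display_name!r}")
    return reasons

# Constructed sample metadata: index 0 and 2 mimic the wave, index 1 is benign.
SAMPLE_MESSAGES = [
    {"to": "jane.doe@example.com", "from": '"CEO" <ceo@example-mail.test>',
     "subject": "Requested documentation", "attachments": ["jane.doe@example.com_4471.zip"]},
    {"to": "bob@example.com", "from": "Alice <alice@example.com>",
     "subject": "Q2 report", "attachments": ["q2_report.pdf"]},
    {"to": "Bob Smith <bob@example.com>", "from": "VP of Sales <sales@example-mail.test>",
     "subject": "Invoice", "attachments": ["BOB@EXAMPLE.COM_91.zip"]},
]

def flagged(messages: list[dict] = SAMPLE_MESSAGES) -> list[int]:
    """Indices of messages that triggered at least one triage reason."""
    return [i for i, m in enumerate(messages) if triage(m)]

if __name__ == "__main__":
    for i in flagged():
        print(i, triage(SAMPLE_MESSAGES[i]))
```

The display-name rule on its own is noisy; in practice it is a scoring signal to combine with the attachment-naming match rather than a block-on-sight rule.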
According to Mercer, the attack is new malware on an old vector, one that is gaining momentum.
“Our adversaries do not care as to what they destroy or ransom from you, they simply care about … payment.”
Locky is a dangerous, as-yet unbroken ransomware; distributing it brought the developers of the Nuclear exploit kit $12 million in revenue from 1.8 million attacks in a single month. For comparison, the developers' monthly income sits at around US$100,000.
Businesses are advised to keep backups of all critical data. Those backups should be offline, or otherwise not readily accessible from machines that may be at risk of ransomware infection.