Locky Ransomware Back with Gusto

Tuesday, September 5, 2017 @ 04:09 PM gHale


Once again, the Locky ransomware is out there and ready to go.

Delivered through one of the largest spam campaigns with as many as 23 million sent messages per day, the latest version adds the .lukitus extension to the encrypted files.

RELATED STORIES
Ransomware has Manufacturing Focus
Users Learning, But Ransomware Still a Problem
Ransomware Shuts Down SMBs
Ransomware Attacks Force OS Change

“This email campaign still is coming in large volumes, and AppRiver already has quarantined more than 5.6 million of these messages since this morning,” said AppRiver researchers in a blog post.

“Once all the victim’s files have been encrypted the attackers leave decryption instructions by changing the desktop background to an image with instructions as well as a HTM file on the desktop aptly named Lukitus[dot]htm,” AppRiver researchers said.

The malware arrives in inboxes attached to emails with vague subject lines like “please print,” “documents,” “scans,” and “images.”

For those who end up infected, there are no publicly shared methods to reverse this Locky strain.

Those behind this malware campaign are asking 0.5 Bitcoin to deliver the decryption key.

“The victim is instructed to install the TOR browser and is provided an .onion(aka Darkweb) site to process payment of .5 Bitcoins, which currently amounts to an eye popping $2,150. Once the ransom payment is made the attackers promise a re-direct to the decryption service,” researchers said in a post.



Leave a Reply

You must be logged in to post a comment.