On Saturday, the government issued an alert warning users regarding the spread of Locky, a kind of ransomware. This ransomware is spread via email and locks or encrypts files on the attacked computers. The hackers demand payment from the victims in order to unlock the files.
CERT-In (Indian Computer Emergency Response Team) advised residents of India, Indian companies and corporate houses to watch out for suspicious emails that have file attachments. The attackers send malicious email attachments to spread Locky. CERT noted that a massive email campaign is underway, with 23 million emails sent in order to make people fall prey to the ransomware.
CERT has advised people not to open emails with subjects such as pictures, scans, photos, images, documents, and please print. The attackers may also change their strategy and use other subject lines in their emails, so it is better to avoid clicking on unwanted and suspicious emails altogether. The malicious emails carry zip attachments with a VBS (Visual Basic Script) file embedded in a secondary zip file. The VBS file contains a downloader that polls the domain 'greatesthits[dot]mygoldmusic[dot]com'. Make sure you do not visit this malicious website, from which variants of Locky ransomware are downloaded, noted CERT.
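A mail-gateway check for the attachment layout described above, as an added example that is not part of the original article or CERT-In's advisory: it walks a zip attachment, descends into nested zips and reports any script file it finds. The function names, the extension list beyond `.vbs`, the size and depth limits and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumption: only .vbs is named in the advisory; the other script types are added here.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
MAX_DEPTH = 3                         # do not descend into nested archives past this depth
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # skip oversized nested archives (zip-bomb guard)


def find_scripts(data, depth=0, prefix=""):
    """Return paths of script files inside a zip, descending into nested zips."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits                   # not a zip archive: nothing to report
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            name = info.filename.lower()
            if name.endswith(SCRIPT_EXTS):
                hits.append(path)
            elif name.endswith(".zip") and depth < MAX_DEPTH:
                if info.file_size > MAX_MEMBER_BYTES:
                    continue
                try:
                    inner = zf.read(info)
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    continue          # encrypted, unsupported or corrupt member
                hits += find_scripts(inner, depth + 1, path + "!")
    return hits


def build_sample():
    """Constructed sample: outer zip -> inner zip -> harmless .vbs placeholder."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("scan_0001.vbs", "' placeholder text, not a real script\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("scan_0001.zip", inner.getvalue())
        z.writestr("readme.txt", "constructed sample")
    return outer.getvalue()


if __name__ == "__main__":
    print(find_scripts(build_sample()))
```

A gateway would quarantine any attachment for which `find_scripts` returns a non-empty list; members that cannot be read (for example password-protected inner archives) are skipped here and would need a separate policy.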
Locky is a popular ransomware that was one of the first attacks that made a global impact. The Locky attacks were reported early in 2016, while others such as WannaCry and Petya became relevant recently.
In general, CERT has advised users to be cautious while opening any emails that have come from suspicious or unwanted email ids as well as those with fishy file attachments. The agency has advised organizations to deploy anti-spam solutions and update their spam block lists. The agency further warns that the ransomware will affect network drives, attached removable storage media, and the files stored on the computer. Even after the demanded ransom is paid in Bitcoin, there is a chance that the attackers will not unlock the files.