After WannaCry, government issues alert against dangerous Locky Ransomware
Government of India has issued an alert against Locky Ransomware, a high-intensity virus that can lock your computers and demand ransom for unlocking them. As per the alert, Locky is already doing rounds through spam mails and is using fake download links to bait users. The alert comes only a month after India was hit by the WannaCry ransomware attack. Here's more about Locky.
The WannaCry ransomware was used in a massive cyber attack in May 2017. It affected organizations in 99 countries including UK's National Health Services and at least 48,000 Indian systems. The ransomware, which targets vulnerabilities in Windows, demanded $300 in Bitcoins for unlocking infected systems.
According to the alert issued by the Cyber Swachhta Kendra, Locky is getting around through a massive wave of spams. At least 23 million spam mails have been circulated as part of the "campaign". Reportedly, fake Dropbox links are also being used to bait users. These contain common subject lines including "please print" and "images", although these may vary in targeted phishing campaigns.
All files in a system infected by Locky Ransomware appear as encrypted files stringed with random numbers. These come attached with the extensions "[.]diablo6," " [.]lukitus." or ".locky." After Locky locks or encrypts the system, the desktop background displays instructions and an htm file named "Lukitus[dot]htm." These instructions provide details about installing TOR browser and demands a ransom of 0.5 Bitcoins (Rs. 1,50,000).
"Users are advised to exercise caution while opening e-mails and organizations are advised to deploy anti-spam solutions and update spam block lists," states the government alert. It further lists backing up data, updating anti-virus and other software and safe web-browsing among other counter measures.