Locky, a deadly “ransomware” has hit India. State-run Indian Computer Emergency Response Team(CERT-in) has issued an advisory on the spreading of Locky ransonware in the country, urging users to not open any emails with attachments from unknown senders. The alert said the ransomware spreads through “massive spam campaign”. It has been reported that over 23 million messages have been sent in this phishing campaign.
CERT-in advised both the citizens and large organizations to not open emails with subjects like “please print”, “documents”, “photo”, “images”, “scans” and “pictures”. However, the subject texts may change in targeted spear phishing campaigns. The messages contain “zip” attachments with Visual Basic Scripts (VBS) embedded in a secondary zip file. The VBS file contains a downloader which polls to domain “greatesthits [dot] mygoldmusic [dot] com (please do not visit this malicious website), the alert said.
Locky first surfaced in 2016. It is a deadly ransomware that encrypts files on victims’ PCs and adds a .locky file extension. The attackers then demand ransom to unlock the files. Locky asks for a Bitcoin payment in order to recover the files. The Locky ransomware has extorted more than $7.8 million in payments, according to a recent study by Google, Chainalysis, UC San Diego, and the NYU Tamdom school of Engineering.
CERT-in has briefed several preventive measures to protect the computer from ransomware attacks:
• Make sure to perform regular backups of all critical information limit the impact of data or system loss and to help expedite the recovery process.
• Don’t open attachments in unsolicited e-mails, even if they come from people in your contact list, and never click on a URL contained in an unsolicited e-mail, even if you think it looks safe.
• Disable ActiveX content in Microsoft Office applications such as Word, Excel, etc.
• Keep your operating system, browsers, browser plugins and antivirus software up-to-date.
• Disable Macro in Microsoft Office applications