Ransomware has been the largest cybersecurity threat in the world for over a year now. Over that time we've seen a number of massive attacks. The WannaCry variant that struck in May of this year was extremely nasty, locking up hundreds of thousands of computers in over 150 countries.
One of the first known ransomware attacks to hit the scene was dubbed Locky, but it hasn't been prevalent in a while. Until now. A new Locky ransomware variant is spreading and you need to know what to watch for.
How cybercriminals are spreading Locky ransomware
Researchers at Comodo Threat Intelligence Lab recently discovered a new Locky variant dubbed IKARUSdilapidated. It is being distributed through phishing emails that contain little to no content. The email does, however, have a malicious file attached to it.
The attachment is either a Word document, PDF, archive zip file, or image file. If the recipient executes the attachment, it infects their gadget with IKARUSdilapidated ransomware.
A Comodo spokesperson said, "When the user opens the attached document, it appears to be full of garbage, and it includes the phrase 'Enable macro if data encoding is incorrect' - a social engineering technique used in this type of phishing attack. If the user does as instructed, the macros then save and run a binary file that downloads the actual encryption Trojan."
Here is an example of what the email looks like:
Image: Phishing email distributing Locky ransomware. (Source: Threatpost)
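A mail-filter style check for the delivery pattern described above (a near-empty email carrying a Word document or zip archive that relies on macros), added here as an example and not code from Comodo or the original article. The function names, the 20-character body threshold and the sample message are assumptions constructed for illustration; legacy .doc/.xls files are only flagged as macro-capable, since confirming macros in them needs an OLE parser.

```python
import io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container header
MAX_MEMBER = 20 * 1024 * 1024                   # skip oversized members (zip bombs)

def classify(data: bytes, depth: int = 0):
    """Return 'vba-project', 'legacy-ole' or None for one attachment."""
    if data.startswith(OLE_MAGIC):
        return "legacy-ole"  # macro-capable format, needs deeper inspection
    if not data.startswith(b"PK") or depth > 2:
        return None
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            # OOXML files (.docm/.xlsm) store their macros in vbaProject.bin
            if any(i.filename.lower().endswith("vbaproject.bin") for i in z.infolist()):
                return "vba-project"
            for i in z.infolist():  # plain archive: inspect nested documents
                if i.file_size <= MAX_MEMBER and (inner := classify(z.read(i), depth + 1)):
                    return inner
    except (zipfile.BadZipFile, RuntimeError):
        pass  # corrupt or password-protected archive: nothing to inspect
    return None

def triage(raw: bytes) -> dict:
    """Report a near-empty body and any macro-capable attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    hits = {}
    for part in msg.iter_attachments():
        if verdict := classify(part.get_payload(decode=True) or b""):
            hits[part.get_filename()] = verdict
    return {"empty_body": len(text) < 20, "flagged": hits}

def make_zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()

def sample_message() -> bytes:
    """Constructed sample: short body, macro document hidden inside a zip."""
    docm = make_zip({"word/document.xml": b"<w/>", "word/vbaProject.bin": b"constructed"})
    msg = EmailMessage()
    msg.set_content("see attached")
    msg.add_attachment(make_zip({"scan.docm": docm}), maintype="application", subtype="zip", filename="scan.zip")
    return msg.as_bytes()
```

Running `triage(sample_message())` flags `scan.zip` because the document nested inside it contains a VBA project; a message that trips both signals is a candidate for quarantine rather than delivery.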
Once the victim's gadget is infected with the ransomware, a message appears instructing them to download the Tor browser. The attackers then demand a ransom of up to $1,200, which the victim is told to pay using bitcoin.
So far, there have been tens of thousands of these phishing emails delivered. The cybercriminals are using botnets to send the malicious emails.
(Note: A botnet is a group of gadgets that hackers have taken over without the owner's knowledge. The hackers seize control of unwitting gadgets with a virus, and then use the network of infected computers to perform large-scale hacks or scams.)
As you can see, this is a very elaborate scam. Phishing emails, botnets, and ransomware are all used in this attack to scam people out of money. That's why you really need to know how to avoid falling victim to this attack.
How to protect against ransomware
The best way to defeat a ransomware attack is to take precautionary steps. Here are suggestions that will help:
- Back up data regularly - this is the best way to recover your critical data if your computer is infected with ransomware.
- Make sure your backups are secure - do not connect your backups to computers or networks that they are backing up.
- Never open risky links in emails - don't open attachments from unsolicited emails, because they could be part of a phishing scam. Ransomware can infect your gadget through malicious links found in phishing emails.
- Do NOT enable macros - You should never download PDF, Word or Excel files attached to unsolicited emails to begin with. If you do open one of these documents and it says that you need to turn on macros, close the file and delete it immediately.
- Have strong security software - this will help prevent the installation of ransomware on your gadget.
Backing up your critical data is an important safety precaution in the fight against ransomware. It's the best way to recover your files without paying a ransom.