Locky Ransomware Spreading in Massive Spam Attack

[RV_]

This one comes in as an attachment usually as an invoice and when you open it a Java script encrypts your data and asks for money to unlock it. There is also a banking malware component.

 

Again you have to open an attachment to get infected and encrypted but this one is a massive campaign. Just don't open attachments that are unexpected and you remain safe.

 

Excerpt:

 

"Researchers are tracking a massive spam campaign pelting inboxes with Locky ransomware downloaders in the form of JavaScript attachments. The huge spike, reported by security firm Trustwave, represents an extraordinary uptick in the attempted distribution of the Locky ransomware.

 

Trustwave said over the last seven days, malware-laced spam has represented 18 percent of total spam collected in its honeypots. Trustwave said malware-infected spam typically represent less than 2 percent of total spam. The recent increase to 18 percent is almost entirely traced to ransomware JavaScript downloaders. Campaigns aren’t continuous, Trustwave reported, but are delivered in hour-long bursts.

 

The intense spam campaigns signal a new attack strategy for those behind Locky ransomware. The threat vector, which is through spam email, is not new at all. “The sheer volume and high influx of Locky ransomware spam over the past weeks is what makes it noteworthy,” said Rodel Mendrez, a security researcher with Trustwave, in an email exchange with Threatpost.

 

The campaigns, Trustwave said, are originating from the same botnet responsible for previously spammed documents with malicious macros which downloaded the Dridex banking trojan.

 

“The actors behind the campaigns have merely changed the delivery mechanism (.js attachment) and the end malware – ransomware,” wrote Mendrez in a security bulletin posted to the company’s SpiderLabs research blog. “It’s the same botnet, different day, and different payload,” Mendrez wrote.

 

In the case of the Dridex banking malware, victims received an email attachment disguised as an invoice but was actually a document-based macro attack.

 

This most recent Locky ransomware spam campaign includes a JavaScript attachment that downloads Locky ransomware.

 

There is no vulnerability that Locky is taking advantage of, Mendrez said. “It uses social engineering and takes advantage of human gullibility to infect systems. Even the up-to-date systems are not protected,” he said."

 

See exactly what the malware does and more at the article here : https://threatpost.com/locky-ransomware-spreading-in-massive-spam-attack/116727/#sthash.hAgGaHP7.dpuf

[wildmandmc]

back in the day when stuff like this (invoices ) was sent via 'snail mail' a lot less would happen.

Ppl entrusted with clicking an managing a company should have a lot more know how about how pc's get infected, instead of just needing the ability to use a office software product.