Beware of viruses: Locky Ransomware

INTERNET PEOPLE should be alert to the threat of Locky, a new malware strain that wants to part you from your hard-earned.

Locky, as we learn at the Trustwave website, is a swine, and a greedy one at that. It's ransomware with a dash of spamming and JavaScript that is after your pennies, apparently.

"We are currently seeing extraordinarily huge volumes of JavaScript attachments being spammed out which, if clicked on by users, lead to the download of ransomware. Ransomware encrypts data on a hard drive, and then demands payment from the victim for the key to decrypt the data," said the firm on its Spiderlabs blog.

"Our Spam Research Database saw around four million malware spams in the last seven days, and the malware category as a whole accounted for 18 percent of total spam arriving at our spam traps."

These campaigns are coming from the same botnet that previously spammed out documents with malicious macros, which in turn downloaded the Dridex trojan, the firm explained.

"The actors behind the campaigns have merely changed the delivery mechanism (.js attachment) and the end malware (ransomware). This type of malware has a very destructive payload," Trustwave said.

This mere change, however, is a big part of the Locky problem since it has enabled the malware to fool some antivirus software and cause havoc.

The payload is a software git that encrypts all your files and asks for a bitcoin ransom. There is some debate over whether it is wise to pay out on ransomware demands, but some have done it.

Trustwave, which can protect you against this, suggested that firms consider blocking .js attachments at the gateway, presumably with a sharp stick.
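A minimal sketch of the gateway check Trustwave suggests, added here as an example and not taken from the article or from Trustwave: it flags .js attachments in a message and, going one step beyond the text, .js files packed inside zip attachments. The function names, addresses and sample messages are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy: the article names only .js; a real gateway list is site-specific.
BLOCKED_EXTENSIONS = (".js",)

def is_blocked(name):
    # Normalise case and trailing dots/spaces so "INVOICE.JS. " still matches.
    return name.strip().rstrip(". ").lower().endswith(BLOCKED_EXTENSIONS)

def blocked_attachments(raw_message):
    """Return names of blocked attachments, including members of zip archives."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # message body or multipart container, not an attachment
        if is_blocked(name):
            hits.append(name)
            continue
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            try:
                with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                    hits += [f"{name}!{m}" for m in archive.namelist() if is_blocked(m)]
            except zipfile.BadZipFile:
                hits.append(f"{name}!<unreadable archive>")  # fail closed
    return hits

def build_sample(filename, data, subtype):
    # Constructed sample message; attachment bodies are inert bytes.
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "user@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(data, maintype="application", subtype=subtype, filename=filename)
    return msg.as_bytes()

def zipped(member_name, data):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, data)
    return buf.getvalue()

if __name__ == "__main__":
    for raw in (build_sample("Invoice_123.JS", b"// inert", "octet-stream"),
                build_sample("scan.zip", zipped("scan_0042.js", b"// inert"), "zip")):
        print(blocked_attachments(raw) or "clean")
```

Matching on the file name alone catches the delivery change described above without relying on antivirus signatures for the script's contents.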

"Ransomware attacks grow more common because they're effective and lucrative. They're effective because it's relatively easy to trick someone into downloading malware via phishing," said David Gibson, VP of strategy and market development at Varonis.

"It's lucrative because many people and organisations end up deciding it's just easier to pay." µ
