Recent Locky Ransomware Campaigns

Delaware, USA – September 21, 2017 – This year, Locky is the most commonly used Ransomware in the world. Almost every week researchers report mass spam campaigns (about 20 million emails per day) targeting residents of dozens of countries. Constant modifications and advanced methods of social engineering allow this virus to be very effective. Particularly worth noting the last two campaigns. In the first case, researchers from Barracuda Labs discovered an aggressive campaign, the primary targets of which were Vietnam, India, Colombia, Turkey and Greece. Attackers sent about 27 million emails containing one of Locky variations with a single identifier – that is, the attackers did not expect the possibility of data decryption if a victim decides to pay a ransom. The second case is noteworthy in that the adversaries distributed two Ransomware samples in the same campaign: Locky and FakeGlobe. The malicious email contained a link and a script in an attachment that connected to different servers and loads both viruses in turn. Thus, the victim’s files were encrypted twice, and for their recovery, it was necessary to pay a ransom two times. The primary targets of this attack were located in Japan, China and the United States.

The main method of infection is still phishing, therefore, to protect against Ransomware, it is necessary to conduct security awareness training for employees. This type of Malware does not encrypt files instantly, so if your company has SEIM, you can use the Ransomware Hunter use case for ArcSight, QRadar and Splunk. This SIEM content uses statistical profiling and behavioral analysis methods, as well as a specialized Ransomware Tracker feed to detect and alert for Ransomware activities as quickly as possible.