Kaspersky Lab: Locky – the encryptor taking the world by storm
With the upward trend in the number of ransomware and Trojan threats, Kaspersky Lab has detected a new ransomware Trojan called Locky.
With the upward trend in the number of ransomware and Trojan threats, Kaspersky Lab has detected a new ransomware Trojan called Locky. Kaspersky Lab warns that this ransomware is spreading pervasively across the world, whereby Kaspersky Security Network has already reported Locky attacks in 114 countries – and to date South Africa has experienced the 6th highest number of attacks at 220.
Analysis of the samples has shown that this Trojan is a brand new ransomware threat, written from scratch. However, the analysis has also shown that Locky is a typical ransomware Trojan, where it exhibits no major differences from other ransomware families in its internal arrangement or its principles of operation.
Locky, encrypts the users file, and then displays a message with the cybercriminals ransom demands. To spread the Trojan, cybercriminals send out mass mailings with malicious loaders attached to the spam messages. The malicious spam messages contain an attached DOC file with a macro that downloads the Locky Trojan from a remote server and executes it, once the user is prompted to click on the link - Locky then reads the data and continues with the infection process.
According to Fedor Sinitsyn, Senior Malware Analyst at Kaspersky Lab; “Ransomware is posing to be one of the fastest growing classes of malicious software. Our research shows that crypto-trojans carry out attacks in practically all regions of the world. Among other Trojans, Locky caught our attention because it was so active and spread so pervasively and quickly. We also noticed that the attacks weren’t partial to any particular region, where we have received notifications about attacks in over 114 countries across all continents – no other ransomware Trojan to date has targeted so many countries at once”.
As cybercriminals continue to look for new ways to make their victims pay, users can follow these tips to protect themselves against the ransomware Trojan Locky at all stages of the attacks:
- Install and regularly update anti-virus software products, as these products continue to be a good first line of defense, where they have blocked Locky attacks in over 100 countries around the world;
- Do not open attachments in emails from senders you don’t know;
- Back up your files on a regular basis and store the backup copies on removable storage media or in cloud storages – not on your computer;
- Regularly run updates for your antivirus databases, operating system and other software installed on your computer;
- Create a separate network folder for each user when managing access to shared network folders.
For more detailed information about protection from ransomware Trojans, please click here.
Kaspersky Lab: Locky – the encryptor taking the world by storm
Kaspersky
Related Articles Virus News
Botnet activity in H1 2018: Multifunctional bots becoming more widespread
Kaspersky Lab researchers have published a report on botnet activity in the first half of 2018, analysing more than 150 malware families and their modifications circulating through 600,000 botnets around the world.Read More >AppleJeus: Lazarus group hunts cryptocurrency exchanges using macOS malware
Researchers in Kaspersky Lab’s Global Research and Analysis Team (GReAT) have discovered AppleJeus - a new malicious operation by the infamous Lazarus group.Read More >Dark Tequila: complex banking malware operating since at least 2013
A sophisticated cyber-operation code-named Dark Tequila has been targeting users mainly in Latin America and in particular Mexico, for at least the last five years, stealing bank credentials, personal and corporate data with malware that can move laterally through the victim computer while offline.Read More >