The government late on Saturday issued an alert on the spread of Locky, a type of ransomware
through which attackers encrypt (lock) files on impacted computers and
then demand payment from the victims in exchange for unlocking those
files. The Indian Computer Emergency Response Team (CERT-In), an arm of the
Ministry of Electronics and Information Technology, advised residents of
India, as well as Indian companies and corporate houses, to look out for
suspicious emails with file attachments, the common method attackers are
using to spread Locky. CERT said that a massive email campaign — in
which more than 23 million messages have been sent — is underway to trick people
into installing Locky ransomware via emails.
CERT advised people not to click on emails with subjects like "please
print", "documents", "photo", "Images", "scans" and "pictures." It noted,
however, that attackers may, and likely will, change their strategy and
include other kinds of messages in the subject line of their emails. In
general, just avoid clicking on any suspicious email. "The messages
contain 'zip' attachments with Visual Basic Scripts (VBS) embedded in a
secondary zip file. The VBS file contains a downloader which polls to
domain 'greatesthits[dot]mygoldmusic[dot]com' (please do not visit this
malicious website) to download variants of Locky ransomware," CERT wrote
in the notification.
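
As an added example (not part of the CERT-In notification or the original article), here is a mail-gateway style check for the delivery pattern described above: a script file inside a zip that is itself nested in a zip attachment. The extension list, the size and depth limits and the sample file names are assumptions, and the sample archive is constructed and holds only a comment line.

```python
import io
import zipfile

# Assumptions for this example: script types to flag and safety limits.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
MAX_DEPTH = 3                        # stop descending through nested archives
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # skip oversized inner archives

def find_scripts(data, depth=0, trail=""):
    """Return trails of script files inside a zip, following nested zips."""
    hits = []
    if depth > MAX_DEPTH:
        return hits
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a zip (or corrupt): nothing to report
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            here = f"{trail} -> {info.filename}" if trail else info.filename
            lower = info.filename.lower()
            if lower.endswith(SCRIPT_EXTS):
                hits.append(here)
            elif lower.endswith(".zip") and info.file_size <= MAX_MEMBER_BYTES:
                try:
                    inner = zf.read(info)
                except (RuntimeError, zipfile.BadZipFile):
                    continue  # encrypted or damaged member: cannot inspect
                hits.extend(find_scripts(inner, depth + 1, here))
    return hits

def build_sample():
    """Constructed sample: zip -> zip -> .vbs holding only a comment."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("scan_001.vbs", "' constructed placeholder\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("scan_001.zip", inner.getvalue())
        z.writestr("readme.txt", "constructed sample")
    return outer.getvalue()

if __name__ == "__main__":
    print(find_scripts(build_sample()))
```

A gateway would quarantine any attachment for which the returned list is non-empty; members it cannot open (encrypted or damaged) are skipped here and would need separate handling.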
Locky is one of the most popular strains of ransomware, and among the first to have made
a global impact. The first incidents of attacks with Locky were reported
early last year, but then other kinds of ransomware such as Petya and
WannaCry became more prevalent. Last month, security firms Symantec,
MalwareBytes, Comodo and others reported a resurgence of Locky
ransomware in cyber attacks.
Last month, MalwareBytes reported two new variants of Locky ransomware,
including the ones that used the file extensions ".diablo6" and ".Lukitus".
CERT has advised users to steer away from clicking on any such suspicious
files, adding that they should consider taking regular backups of their
important files. In the event of a Locky ransomware attack, the victims
lose access to all files. Furthermore, you should consider not keeping
external hard drives -- on which you may have copied your important
files -- attached to your computers at all times, as access to them will
also get blocked in case you become a victim of Locky.
In a conversation with Gadgets 360 last month, Microsoft
executives said that users should consider moving their important files
to the cloud (via online storage services such as Microsoft's OneDrive,
Google's Drive, Dropbox) as files stored on their servers may remain
accessible in case of ransomware attacks.
SOURCE: Gadgets 360