After WannaCry and Petya, another email-based ransomware known as Locky is wreaking havoc on the internet. The Computer Emergency Response Team (CERT) has alerted users about the latest ransomware, which spreads through emails that carry common subject lines and an attachment.
For those who are not aware, Locky is ransomware that scrambles the contents of a computer or server (including associated network shares, both mapped and unmapped, and removable media) and demands payment to unlock it, usually in the anonymous decentralized virtual currency Bitcoin. The hackers are demanding a ransom of 0.5 Bitcoin, which roughly translates to Rs 1,45,269.
According to the CERT, over 23 million messages have been sent in this campaign. The messages carry common subjects like “please print”, “documents”, “photo”, “Images”, “scans”, and “pictures”. However, the subject text may change in some cases.
The messages are said to contain “zip” attachments with Visual Basic Scripts (VBS) embedded in a secondary zip file. The VBS file contains a downloader that polls a domain to download variants of Locky ransomware. At the time of writing, there is no way to decrypt the files without paying the ransom. To protect your system from this ransomware, always maintain a backup of all your data and install an antivirus programme. You should also be careful with suspicious emails and websites.
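The delivery pattern described above (a zip attachment holding a second zip that holds a VBS file) can be checked for at a mail gateway or during triage. The following is an added example, not part of the original article or of any CERT tooling; the function names, the nesting and size limits, and the sample file names are assumptions made for illustration.

```python
import io
import zipfile

# Subjects quoted in the advisory; it notes they may change, so this is a weak signal.
CAMPAIGN_SUBJECTS = {"please print", "documents", "photo", "images", "scans", "pictures"}
MAX_DEPTH = 3                  # assumed nesting limit (guards against archive bombs)
MAX_MEMBER = 20 * 1024 * 1024  # assumed per-member size limit in bytes


def find_scripts(data, depth=0, prefix=""):
    """Return (path, depth) for every .vbs member, following nested zip files."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []
    hits = []
    with archive:
        for info in archive.infolist():
            path = prefix + info.filename
            lower = info.filename.lower()
            if lower.endswith(".vbs"):
                hits.append((path, depth))
            elif (lower.endswith(".zip") and depth < MAX_DEPTH
                  and info.file_size <= MAX_MEMBER and not info.flag_bits & 0x1):
                hits += find_scripts(archive.read(info), depth + 1, path + "/")
    return hits


def assess(subject, attachment):
    """Flag a message whose zip attachment hides a .vbs inside a second zip."""
    scripts = find_scripts(attachment)
    nested = any(depth >= 1 for _, depth in scripts)
    return {"scripts": scripts, "subject_match": subject.strip().lower() in CAMPAIGN_SUBJECTS,
            "quarantine": nested}


def build_sample(inner_name="scan_001.vbs"):
    """Constructed sample: outer zip -> inner zip -> harmless placeholder text."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr(inner_name, "' constructed placeholder, not a real script")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("scan_001.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    print(assess("Scans", build_sample()))
```

The quarantine decision rests on the nested script alone, because the advisory says the subject text may change; the subject match is reported only as supporting context.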