There have been a good number of global ransomware attacks lately, and there is a lot of confusion about what to trust and what to avoid. Attacks like WannaCry and Petya were bad enough, and now the e-mail-based Locky has emerged. According to an alert by the Indian CERT, Locky ransomware spreads through spam emails. Although there are no reports of damage in India, it is better to be safe than sorry.
What is Locky?
Locky is ransomware: the cyber criminal encrypts your data, blocking your access to it, and then demands money to unlock it. Locky has been active since last year and has recently returned with a new variant. It is one of the largest ransomware attacks, with more than 23 million messages, as per AppRiver. It was first launched on August 9 last year and has been growing ever since.
How does Locky work?
This malware is spread through spam emails with zipped files having extensions like ‘.diablo6’ or ‘.Lucius’, according to the new variant. Malwarebytes research says that the zip files have Visual Basic Scripts embedded in a secondary zip file, which contains a downloader. The emails pose as common content such as images, scans and documents. When these attachments are opened, the variant automatically downloads the ransomware onto your computer. The desktop background changes, and users have to pay 0.5 Bitcoin (1.5 lakh rupees) to unlock their data through a new browser, which hosts the decryption service.
Protection from Locky
So far, there is no way to decrypt the data without paying the ransom, so it is better to take protective steps and avoid the situation altogether.
- Always keep a regular backup of your files.
- Use a good antivirus program.
- Keep an eye out for suspicious emails and messages.
- Never open an unknown file, especially one in a spam email.
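For mail administrators, the delivery method described above (a script hidden in a zip inside another zip) can be checked for before an attachment reaches a user. The following is an added example, not code from the article or from any vendor it cites; the extension list beyond `.vbs`, the size and depth limits, and the sample file names are assumptions made for illustration.

```python
import io
import zipfile

# .vbs is the type the article names; the other extensions are an assumption.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta")
MAX_DEPTH = 3                 # stop unpacking archives-in-archives beyond this
MAX_MEMBER_BYTES = 5_000_000  # skip oversized members (zip-bomb guard)

def find_scripts(data, prefix="", depth=0):
    """Return paths of script files inside a zip, following nested zips."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with archive:
        for info in archive.infolist():
            path = prefix + info.filename
            if info.filename.lower().endswith(SCRIPT_EXTS):
                hits.append(path)  # flagged by name, even if encrypted
            elif info.file_size > MAX_MEMBER_BYTES or info.flag_bits & 0x1:
                continue  # too large, or encrypted and unreadable
            elif depth < MAX_DEPTH:
                try:
                    inner = archive.read(info)
                except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                    continue
                if inner[:4] == b"PK\x03\x04":  # member is itself a zip
                    hits += find_scripts(inner, path + "!", depth + 1)
    return hits

def make_zip(members):
    # Helper that builds an in-memory zip for the constructed samples below.
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()

# Constructed samples: harmless placeholder content, hypothetical file names.
_inner_zip = make_zip({"scan_0001.vbs": b"' placeholder, not a real script\n"})
SUSPICIOUS = make_zip({"scan_0001.zip": _inner_zip})
BENIGN = make_zip({"report.txt": b"quarterly numbers\n"})

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        found = find_scripts(blob)
        print(label, "QUARANTINE" if found else "ok", found)
```

An attachment for which `find_scripts` returns any path is a candidate for quarantine rather than delivery.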