Locky ransomware strikes at Amazon

pandasecurity-locky-amazon

Locky is back!

We’ve been closely monitoring the rebirth of the ransomware for quite some time. Since early last year, different variations of the ransomware have been periodically popping in and out. Last year we discussed the tricks of the malicious software and had a deeper look into how it works. As you may remember, the primary purpose of the malicious software is to make it to your computer. Once it gets there, it encrypts all certain files on your system and threatens you to delete them unless you pay a ransom. Payment in digital cryptocurrency is usually required by the cybercriminals to get back control of your files.

Amazon Marketplace

Multiple outlets such as ZDNet and Silicon Angle reported that a new version of Locky has been spreading around in a massive phishing attack. Cybercriminals have been sending roughly 1 million phishing emails per hour since Tuesday, and they are still going. Most of the attacks are disguised as fake Amazon Marketplace and Herbalife invoices spam emails, and phony printer orders, containing a zip file able to infect your computer with malicious software. The malicious emails have been targeted at businesses from all over the world. The main affected areas are US, Japan, Germany, and China.

How it works

Some of the infected users report that once Locky makes its way in, it builds the path for another type of ransomware called FakeGlobe. This means that if you fall a victim of one of Locky’s versions, you may potentially have to deal a second ransom. This is a new technique, but we shouldn’t be surprised as the recent phishing scams are getting more and more sophisticated. For example, the criminal minds behind the attack have been scheduling the emails to reach potential victims during working hours hoping to trick them into thinking it is a legitimate email.

Who’s behind Locky

No one yet knows who is behind Locky yet. ZDNet reported Locky makes its way via the Necurs botnet – an army of more than five million infected devices often used by cybercriminals for other shady activities such as executing email stock scams. However, most of the attacks are known to come from India, Greece, Vietnam, Colombia, Turkey, and Iran.

The fact that Locky in all its versions keeps coming back means that some people and businesses still fall for it.

Here are a few suggestions on how to prevent becoming a victim.

Install antivirus software – make sure those infected emails don’t even make it to you or your employee’s inboxes. And if they managed to go in through your spam filter, proper antivirus software would prevent you from opening the attachment able to infect your computer.

Do the updates – those updates are there for a reason. Very often malicious software exploits security holes in your operating system, don’t be shy and encourage your IT department always to make sure your systems are fully up-to-date.

Be smart – spend some time educating your employees about the harm that security breaches bring to your customers and your employees themselves. Roughly 60% of small businesses who suffer a hacker attack go out of business within six months. No one wants to lose his job! Also, remember not open suspicions emails!

Backup your files – make sure that you run a backup of your files at least once a week. This is how you will know that even if you or your business gets affected, you won’t have to pay the ransom but it may be a good excuse for a reinstall of your OS and full format of your drives.

The post Locky ransomware strikes at Amazon appeared first on Panda Security Mediacenter.