Locky Ransomware Leads in Malware Infections

August 3, 2016 | By K. Joseph Breheny
1 Star2 Stars3 Stars4 Stars5 Stars
Loading...

Cyber criminals have increased spamming with malware-laced emails. Malicious servers are spewing out malicious emails at the rate of hundreds of millions of emails per day. Cyber experts state that the spam volume has reached never before levels. When more spam emails are sent, the chances of hits are better, and considering the reports received, cyber criminals are achieving what they desire – malware infection has considerably increased.

And it is not just any ordinary malware that is currently being spread – it is the “Locky” ransomware – and it is considered to be the top most malware doing the rounds these days. Cyber security analysts monitoring the prevalence of malware have reported that the Locky is spreading very rapidly and is successfully infecting scores of devices and computers.

Cyber security experts also warn that the phishing and spear-phishing emails have also become sophisticated – they look pretty legitimate which would convince nearly any user that the email is authentic and the attachment could be opened safely.

The Locky ransomware was first observed at the start of 2016, and it is suspected to have been created by the same group that had created the dreaded Dridex Banking Trojan. The Locky was spread as an exploit and also as an attachment in two ways – as JavaScript files and as Office files with malicious macros.

In the second quarter of 2016, the Necurs botnet, the Nuclear exploit kit and the Angles exploit kit shut down which led to a decrease in spam emails and infections. However, the Necurs came back with more vigour and sophistication that cyber security experts feel could have more drastic consequences.

The Necurs botnet had pushed Locky to the No.1 position in infections even before it shut down for the brief period. But, the Necurs botnet has come back and is spewing massive spam that is promising more infections – be ready to face significant system downtime and loss of data.

Lately, cyber criminals seem to be favoring JavaScript files for spreading the malware. The CryptXXX (.crypt Encrypted Files) ransomware that spreads through exploits and infects through encryption is also causing major concern. The Angler and Nuclear exploit kits had used this malware to cause major infections.

Locky targets Android OS

Nowadays, cyber criminals are targeting mobile devices running on the Android operating system. More malware is being discovered against the Android operating system than against the iOS.

In the Locky attack, a zipped archive contained the JavaScript and this script contained a downloader that brought in Locky. This ransomware has considerably evolved and one of the latest Locky variants adds a “.zepto” extension to the files that it infects and encrypts.

Cyber security experts also observed that Locky was also being distributed through “.docm” files and WSF files were also being used instead of JavaScript files.

 Stay protected against Ransomware

In order to stay protected from ransomware, users have to be careful when opening any attachments from doubtful sources. And regular and systematic backups of data have to be performed. Nevertheless, a robust antivirus that proactively protects against zero-day exploits and removes malware by using default-deny technology, auto-sandboxing , spam filtering and real-time file scanning is essential for any enterprise and also for users.

Free Antivirus


Related Resources:

Best Free Anti-Malware Tool

Be Sociable, Share!
Be Sociable, Share!

Tags:

Add new comment

Your name
Comment

You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>