An alert has been issued on the spread of Locky, a type of ransomware with which attackers encrypt (lock) files on affected computers and then demand payment from the victims in exchange for unlocking those files.
The Indian Computer Emergency Response Team (CERT-In), an arm of the Ministry of Electronics and Information Technology, advised residents of India, as well as Indian companies and corporate houses, to look out for suspicious emails with file attachments, the common way attackers spread Locky. CERT said that a massive email campaign, in which more than 23 million messages have been sent, is underway to trick people into installing Locky ransomware.
CERT advised people not to click on emails with subjects like "please print", "documents", "photo", "Images", "scans" and "pictures."
It noted, however, that attackers may, and likely will, change their strategy and use other kinds of messages in the subject lines of their emails. In general, just avoid clicking on any suspicious email. "The messages contain 'zip' attachments with Visual Basic Scripts (VBS) embedded in a secondary zip file. The VBS file contains a downloader which polls to domain 'greatesthits[dot]mygoldmusic[dot]com' (please do not visit this malicious website) to download variants of Locky ransomware," CERT said.
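A mail-gateway style check for the attachment layout CERT describes (a script file inside a zip inside a zip) is shown below. It is an added example, not code from CERT or from this article; the extension list, depth limit, size cap and sample file names are assumptions.

```python
import io
import zipfile
import zlib

SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")  # assumption: script types to flag
MAX_DEPTH = 3                        # assumption: stop descending past this nesting level
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumption: skip oversized members (zip bombs)

def find_nested_scripts(data, depth=0, path=""):
    """Return (path, depth) for every script file in a zip, descending into nested zips."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits                  # not a zip archive: nothing to report
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            full = f"{path}/{info.filename}" if path else info.filename
            if info.filename.lower().endswith(SCRIPT_EXTS):
                hits.append((full, depth))
                continue
            if depth >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                continue
            try:
                inner = zf.read(info)
            except (RuntimeError, NotImplementedError, zipfile.BadZipFile, zlib.error):
                continue             # encrypted, unsupported or corrupt member
            if inner[:4] == b"PK\x03\x04":   # zip local-file header, whatever the name says
                hits.extend(find_nested_scripts(inner, depth + 1, full))
    return hits

def build_sample():
    """Constructed sample: harmless placeholder script in a zip inside a zip."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("scan_0001.vbs", "' constructed placeholder, not malware\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("scan_0001.zip", inner.getvalue())
        z.writestr("readme.txt", "hello")
    return outer.getvalue()

if __name__ == "__main__":
    for name, depth in find_nested_scripts(build_sample()):
        print(f"quarantine: script '{name}' at nesting depth {depth}")
```

A hit at depth 1 or deeper matches the "secondary zip" layout in the advisory; a script directly inside the outer zip (depth 0) is reported as well.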
Locky is one of the most popular kinds of ransomware, and among the first to have made a global impact. The first Locky attacks were reported early last year, but then other kinds of ransomware such as Petya and WannaCry became more prevalent. Last month security firms Symantec, MalwareBytes, Comodo and others reported a resurgence of Locky ransomware in cyber attacks.
Last month, MalwareBytes reported two new variants of Locky ransomware, including the ones that used the file extensions ".diablo6" and ".Lukitus".
CERT has advised users to steer away from clicking on any such suspicious files, adding that they should consider taking regular backups of their important files. In the event of a Locky ransomware attack, the victims lose access to all files. Furthermore, you should consider not keeping external hard drives, to which you may have copied your important files, attached to your computers at all times, as access to them will also get blocked in case you become a victim of Locky.
Users should consider moving their important files to the cloud (via online storage services such as Microsoft's OneDrive, Google's Drive, Dropbox), as files stored on their servers may remain accessible in case of ransomware attacks.
More details can be obtained from the specific link by CERT here.