The Indian Computer Emergency Response Team (CERT-In) on 2 September 2017 stated that the Locky ransomware is spreading through a massive spam campaign.
As per the reports, more than 23 million messages have been sent in this campaign. The messages contain common subjects like "please print", "documents", "photo", "Images", "scans" and "pictures". However, the subject texts may change in targeted spear phishing campaigns.
The messages contain "zip" attachments with Visual Basic Scripts (VBS) embedded in a secondary zip file.
It is also reported that a spam campaign showing links to fake Dropbox sites is being used to spread Locky variants.
CERT-In advised users to exercise caution while opening emails. CERT-In also advised organizations to deploy anti-spam solutions and update spam block lists.
The ransomware is known to scramble the contents of a computer or server and demand payment to unlock it "usually by anonymous decentralised virtual currency Bitcoins".
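The attachment structure described above (a zip containing a secondary zip with a VBS file) can be checked at a mail filter. The sketch below is an added example, not code from CERT-In or the original article; the verdict names, size cap, nesting limit and the ".vbe" extension are assumptions, and the sample archives are constructed with harmless placeholder content.

```python
import io
import zipfile

# Subject lures listed in the advisory; targeted campaigns may use others.
LURE_SUBJECTS = {"please print", "documents", "photo", "images", "scans", "pictures"}
SCRIPT_EXTS = (".vbs", ".vbe")       # assumption: VBS plus its encoded form
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumption: skip oversized nested members
MAX_DEPTH = 3                        # assumption: nesting levels to follow

def find_scripts(data, depth=0, prefix=""):
    """Return paths of script files inside a zip, following nested zips."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for info in zf.infolist():
            path = prefix + info.filename
            name = info.filename.lower()
            if name.endswith(SCRIPT_EXTS):
                hits.append(path)
            elif (name.endswith(".zip") and depth + 1 < MAX_DEPTH
                    and info.file_size <= MAX_MEMBER_BYTES):
                hits += find_scripts(zf.read(info), depth + 1, path + "!")
    return hits

def assess(subject, attachment):
    """Quarantine a zip carrying a script at any level; flag lure subjects."""
    scripts = find_scripts(attachment)
    lure = subject.strip().lower() in LURE_SUBJECTS
    verdict = "quarantine" if scripts else ("review" if lure else "deliver")
    return verdict, scripts

def make_zip(members):
    """Build a zip in memory from {name: bytes} (for the constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: placeholder content, not real campaign files.
SAMPLE_NESTED = make_zip({"scan_001.zip": make_zip({"scan_001.vbs": b"' placeholder"})})
SAMPLE_CLEAN = make_zip({"notes.txt": b"meeting at 10"})

if __name__ == "__main__":
    print(assess("Scans", SAMPLE_NESTED))
    print(assess("photo", SAMPLE_CLEAN))
    print(assess("Q3 budget", SAMPLE_CLEAN))
```

Because the subject text may change in targeted campaigns, the subject match only raises a message for review; the quarantine decision rests on the attachment contents.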
About Indian Computer Emergency Response Team
• The Indian Computer Emergency Response Team is an office within the Ministry of Electronics and Information Technology.
• It is the nodal agency to deal with cyber security threats like hacking and phishing.
• It strengthens security-related defence of the Indian Internet domain.
• In December 2013, CERT-In reported that there was a rise in cyber attacks on Government organisations like banking and finance, oil and gas and emergency services. It issued a list of security guidelines to all critical departments.
• In March 2014, CERT-In reported a critical flaw in Android Jelly Bean's VPN implementation.
Who: Locky Ransomware