Again, Ransomware Hits the Internet Through Email

This malware, known as Locky, has already infected hundreds of computers in Europe, Russia, the US, Pakistan, and Mali.

The malicious script downloads Locky's executable from a web server and stores it in the Temp folder of the active user account. Once running, it scans attached drives, including network drives, and encrypts document, music, video, image, archive, database, and web-application-related files. Network shares do not need to be mapped to a drive letter to be found: any share the infected account can write to is at risk, which is why least-privilege write access on file shares limits how far one infected workstation can spread the damage.

[Screenshot: an encrypted document file]

"When Locky encrypts a file it will rename the file to the format [unique_id][identifier].locky," wrote Abrams. "So when test.jpg is encrypted it would be renamed to something like F67091F1D24A922B1A7FC27E19A9D9BC.locky. The unique ID and other information will also be embedded into the end of the encrypted file."
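The rename pattern quoted above is a usable indicator during incident response. The following is an added example, not code from the original post: it sweeps a directory tree for names of the form [unique_id][identifier].locky, matching the 32 hex characters of the quoted sample name, and groups hits by the leading unique ID. The 16/16 split between unique_id and identifier is an assumption made here; the sample tree it builds is constructed test data, not real victim files.

```python
"""Added example (not from the original post): sweep a directory tree for files
renamed by Locky, [unique_id][identifier].locky, and group them by unique_id.
Assumption: unique_id is the first 16 hex characters and identifier the next 16,
which matches the 32-character sample name quoted in the post."""
import os
import re
import tempfile

# Upper-case hex only, exactly 32 characters, then the .locky extension.
LOCKY_NAME = re.compile(r"^([0-9A-F]{16})([0-9A-F]{16})\.locky$")


def find_locky_files(root):
    """Return {unique_id: [paths]} for every file under root whose name matches."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            m = LOCKY_NAME.match(name)
            if m:
                hits.setdefault(m.group(1), []).append(os.path.join(dirpath, name))
    return hits


def build_sample_tree():
    """Constructed sample tree (not real victim data): two encrypted files sharing
    one unique_id, one untouched document, and a decoy name of the wrong shape."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "share", "docs"))
    samples = [
        ("F67091F1D24A922B1A7FC27E19A9D9BC.locky", b"\x00" * 64),
        (os.path.join("share", "docs", "F67091F1D24A922B0000000000000001.locky"), b"\x00" * 64),
        (os.path.join("share", "docs", "report.docx"), b"PK\x03\x04"),
        ("notlocky.locky", b""),  # wrong length and case: must not match
    ]
    for rel, data in samples:
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for unique_id, paths in find_locky_files(root).items():
        print(unique_id, len(paths), "file(s)")
```

Run it against a real share root to get a count per victim ID; a single ID spread across many hosts' shares points at one infected workstation rather than many.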

Locky is being distributed by email, reported via Microsoft 365 or Outlook, as an invoice attachment: a Word document with embedded malicious macros.

The concept of Office macros dates back to the 1990s. You are probably familiar with the message: "Warning: This document contains macros."

Now macros are back, as cyber criminals have found a new way to get users to open Microsoft Office documents, especially Word files, and to let the embedded macros run automatically on open. Office has disabled macros by default for years, so this chain depends on the victim clicking "Enable Content": a document that asks you to do so is the red flag, and blocking macros in documents that arrived from the internet by policy stops the attack before the downloader ever runs.
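A mail gateway or analyst can check for the macro payload described above before anyone opens the attachment. The following is an added example, not code from the original post: modern Word files are ZIP containers and a macro project lives in a vbaProject.bin part, so its presence is a reliable first-pass signal regardless of the file extension. Legacy .doc files are OLE2 compound documents that need a real parser (oletools' olevba, for instance), so they are only flagged here. The container built by make_ooxml is constructed test data, not a real invoice.

```python
"""Added example (not from the original post): first-pass triage of a mail
attachment for embedded VBA macros using only the standard library."""
import io
import zipfile

# Magic bytes of an OLE2 compound document (legacy .doc/.xls/.ppt).
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def classify_attachment(data):
    """Return 'ooxml-macro', 'ooxml-clean', 'ole2-needs-olevba' or 'other'."""
    if data.startswith(OLE2_MAGIC):
        # Binary Office format: macros live in an OLE stream, not a ZIP part.
        return "ole2-needs-olevba"
    if not data.startswith(b"PK"):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
    except zipfile.BadZipFile:
        return "other"
    # Any vbaProject.bin part (word/, xl/, ppt/) means the file carries VBA,
    # whatever the extension claims: a .docm renamed to .docx still has it.
    if any(n.endswith("vbaProject.bin") for n in names):
        return "ooxml-macro"
    return "ooxml-clean"


def make_ooxml(with_macro):
    """Constructed minimal OOXML-like container for testing, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", OLE2_MAGIC + b"\x00" * 16)
    return buf.getvalue()


if __name__ == "__main__":
    print(classify_attachment(make_ooxml(with_macro=True)))   # ooxml-macro
    print(classify_attachment(make_ooxml(with_macro=False)))  # ooxml-clean
    print(classify_attachment(OLE2_MAGIC + b"\x00" * 8))      # ole2-needs-olevba
```

Treat "ooxml-macro" on an unexpected invoice as quarantine-worthy; the check does not say whether the macro is malicious, only that one is there, which for an external sender is reason enough to hold the message.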

Once the files are encrypted, the ransomware displays a message instructing the victim to download Tor and visit the attackers' website for further instructions and payment.

Locky asks victims to pay between 0.5 and 2 Bitcoin (about $208 to $800 at the time) for the decryption key.

If you are not familiar with ransomware, here is a video explaining how it works.
