‘Locky’ Ransomware is Back Again

The ransomware ‘Locky’ first appeared in 2016 and made its resurgence on August 9th, with 62,000 phishing emails related to it. The new Locky variant is powered by more than 11,000 distinct IP addresses in 133 different countries, making it difficult to pinpoint exactly who is powering this virus. The virus detected last week had a new .diablo6 extension, and researchers have now discovered new variants with a .lukitus extension.

This ransomware works through phishing emails, which trick users into opening a docx, pdf, jpg, zip or other file containing the ransomware called “IKARUSdilapidated.” If the user opens the attached file, the ransomware takes over, encrypting all files that match particular extensions into a unique 16-digit combination with the .locky file extension. After the files are encrypted, users are given instructions for downloading a Tor browser and are directed to a site where the cyber criminals demand a ransom payment of up to one bitcoin (which is now over $4,000).

Emails carrying the .lukitus and .diablo6 variants may use the subject “PAYMENT” or have a body that says something like “Files attached, Thanks.” In the .diablo variant, the sender’s email address even has the same domain as the recipient’s.

How to Protect Your Computer

  1. DON’T open any email attachments from a sender you do not know.
  2. Configure Windows to show file extensions. This may make it easier to spot files that contain ransomware.
  3. Consider stricter spam filter settings.
  4. Implement a network-level firewall.
  5. Maintain up-to-date antivirus.
  6. Patch software.
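As an illustration of what a stricter mail filter rule could look for, the following added example (not code from the original article) scores a message against the lure traits described above: the “PAYMENT” subject, the “Files attached” body, a sender domain matching the recipient's, and the attachment types the article names. The function names, the scoring threshold and the sample messages are assumptions constructed for this example.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators come from the article text; the scoring scheme is an assumption.
LURE_SUBJECTS = {"payment"}
LURE_BODY = "files attached"
RISKY_EXT = (".docx", ".pdf", ".jpg", ".zip")  # attachment types the article names

def domain(addr_header):
    """Lower-cased domain of the first address in a header, or ''."""
    _, addr = parseaddr(str(addr_header or ""))
    return addr.rpartition("@")[2].lower()

def triage(raw_message):
    """Return the lure traits found in one RFC 5322 message, in fixed order."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip().lower() in LURE_SUBJECTS:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and LURE_BODY in body.get_content().lower():
        hits.append("body")
    names = [(part.get_filename() or "").lower() for part in msg.iter_attachments()]
    if any(name.endswith(RISKY_EXT) for name in names):
        hits.append("attachment")
    # Ordinary internal mail also has matching domains, so this trait only
    # counts towards the score; it never triggers quarantine on its own.
    sender = domain(msg["From"])
    if sender and sender == domain(msg["To"]):
        hits.append("same-domain-sender")
    return hits

def should_quarantine(raw_message, threshold=3):
    """Quarantine when at least `threshold` traits match (assumed policy)."""
    return len(triage(raw_message)) >= threshold

def build_sample(subject, body, sender, rcpt, attachment=None):
    """Construct a sample message for testing; all content is made up."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, rcpt
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

# Constructed samples: one shaped like the described lure, one ordinary mail.
LURE = build_sample("PAYMENT", "Files attached, Thanks",
                    "billing@example.com", "alice@example.com", "invoice.zip")
BENIGN = build_sample("Lunch", "See you at noon",
                      "bob@example.com", "alice@example.com")
```

Requiring several traits together keeps ordinary same-domain mail, such as the benign sample, out of quarantine.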

Other Precautions You Should Take

Even with the most advanced antivirus software and firewalls, new variants of malware can slip through the cracks. That is why we cannot stress enough how important backing up all your files is. With a proper backup, it will be easier (and less expensive!) to get your important files back and have your business up and running again if malware strikes.
