News Feature | November 7, 2016

Ransomware Locky Rears Its Head Again In Massive Attack

By Christine Kern, contributing writer

14 million Locky-laden emails are pumped out in just five hours.

Locky ransomware was recently named one of the top three cyberthreats, and for very good reason. Cybersecurity firm Check Point found that the only cyberthreats currently posing a greater danger are Sality and Conficker, both computer viruses that can accept remote commands and download additional malware onto a victim’s computer. After a period of dormancy for Locky, hackers sent out 14 million Locky-laden emails within a five-hour period on October 24, showing it remains a danger.

Locky emerged early in 2016 with an initially low number of victims, but the number of attacks spiraled out of control this summer. Locky has also seen several updates recently, and researchers say it is spread in part by a massive botnet called Necurs, according to the MalwareTech blog.

According to Doug Olenick at SCMagazine, “After lying dormant for a few weeks, Locky bounced back with a vengeance on October 24 with 14 million Locky-laden emails being pumped out in about half a day.”

AppRiver’s Jon French told Olenick in an email that the bulk of the email campaign ran between 7 a.m. and 1 p.m., with a smaller wave starting up at 4 p.m. and running for three hours into the evening. All of the attacks were likely from the same actors.

The typical ransom price to receive a decryption key for Locky is roughly 0.5 bitcoin, which is around $340 at this time. The emails sent in the attack attempted to social-engineer victims with a “complaint letter” that carried a JavaScript file hidden in a .ZIP attachment.

Earlier this month, experts were able to defeat a new variant of the Locky ransomware called MarsJoke by cracking its encryption tool, as Business Solutions Magazine reported. MarsJoke is unique because it creates convincing spam emails that hijack the branding of popular air carriers and shipping companies.

“MarsJoke does not appear to be ‘just another ransomware,’ though. The message volume and targeting associated with this campaign bear further monitoring as attackers look to monetize new variants and old strains saturate potential victims,” Proofpoint wrote.

The number of ransomware attacks against businesses is estimated to be four times higher in 2016 than in 2015, according to a report from the Beazley Group. Beazley found hacking and malware breaches accounted for 39 percent of breaches suffered by financial institutions, an increase from 26 percent during the same period last year.

Beazley also says the growth in ransomware attacks is particularly evident in the financial services, retail, and hospitality sectors. “From what we are seeing, it appears many hackers are finding it easier to make money by holding companies to ransom for bitcoin than through selling personal data on the dark web,” said Katherine Keefe, global head of Beazley Breach Response Services. “But the persistently high levels of hacking and malware attacks of all kinds are a reminder that organizations across industries, and of all sizes, need actionable plans ready to implement when a breach occurs.”