For a time, it seemed we had reached the high-water mark where Locky Ransomware was concerned. After the big, global attack earlier this year, interest in that particular strain of ransomware seemed to wane as hackers went off in search of the “next new thing” to deploy against the unwitting public.
Unfortunately, rumors of Locky’s death may have been highly exaggerated. A massive new email campaign is underway, using Amazon as a cover, and the infected emails come bearing Locky as a “gift” to anyone who opens them and downloads the attachment.
While no one knows who is behind the Locky software itself, this new email campaign is being run through a large botnet-for-hire called Necurs, which is currently made up of more than five million devices from all over the world.
These devices have been sending out a million emails an hour that appear to come from Amazon and contain downloadable attachments with their malicious payload.
The hackers are being quite savvy about the operation too, timing the sending of their emails so that they arrive during normal working hours, which makes them seem more legitimate. As ever, anyone unfortunate enough to download the attachment contained in one of these emails will soon find all the files on their system encrypted, and get a notification that they must pay a ransom in BitCoin if they want the unlock code to get their files back.
It gets even worse, though. This latest attack does more than just install Locky. It also installs a program called “FakeGlobe,” which appears to be another variant of ransomware that’s designed to trigger after files are unlocked. So, even if you pay the ransom, you may find yourself immediately facing newly encrypted files and having to pay a second one.
As ever, the keys to avoiding scams like these are vigilance, employee/family education and a robust backup and file recovery plan, in the event that someone in your organization or household does open one of these emails. And be sure to contact PC Tech for Hire for assistance in establishing your plan.
You've probably seen the news today about the Montgomery County government being hit with ransomware. Local news has this article about it.
But what is ransomware?
Ransomware is a form of malicious software that locks up the files on your computer, encrypts them, and demands that you pay to get your files back. Wanna Decryptor, or WannaCry, is a form of ransomware that affects Microsoft’s Windows operating system. The variant that hit Montgomery County is known as the SamSam ransomware. When a system is infected, a pop up window appears, prompting you to pay to recover all your files within three to seven days, with a countdown timer on the left of the window. It adds that if you fail to pay within that time, the fee will be doubled, and if you don’t pay within seven days, you will lose the files forever. Payment is accepted only with Bitcoin.
How does it spread?
According to the US Computer Emergency Readiness Team (USCRT), under the Department of Homeland Security, ransomware spreads easily when it encounters unpatched or outdated software. Experts say that WannaCry is spread by an internet worm -- software that spreads copies of itself by hacking into other computers on a network, rather than the usual case of prompting unsuspecting users to open attachments. It is believe that the cyber attack was carried out with the help of tools stolen from the National Security Agency (NSA) of the United States.
Some forms of malware can lock the computer entirely, or set off a series of pop-ups that are nearly impossible to close, thereby hindering your work.
What can be done to prevent this?
The best way to protect your computer is to create regular backups of your files. The malware only affects files that exist in the computer. If you have created a thorough backup and your machine is infected with ransomware, you can reset your machine to begin on a clean slate, reinstall the software and restore your files from the backup. According to Microsoft’s Malware Protection Center, other precautions include regularly updating your anti-virus program; enabling pop-up blockers; updating all software periodically; ensure the smart screen (in Internet Explorer) is turned on, which helps identify reported phishing and malware websites; avoid opening attachments that may appear suspicious.
If you are not sure if you're protected, I offer services that can help you determine your risk. My ProActive Care Services can help prevent ransomware from getting into your system. Contact me to discuss your concerns and let me help you protect your files.
Hi! I'm Ronnie, your PC Tech for Hire for the Montgomery, AL area! Let me know if you need my 25+ years of experience to help you with your computer needs.