Bhubaneswar: With Locky – a deadly ransomware – hitting the Indian cyberspace, Odisha Crime Branch today issued advisory urging users not to open any emails with attachments from anonymous senders.
In a bid to create awareness, the police issued the advisory to put a check on the phishing campaign.
“A new computer ransomware ‘Locky‘ has been reported. This ransomware is a kind of cyber-attack designed to block access to the data on the computer and demand money to unlock it. The Locky ransomware is similar in nature compared to the “WannaCry that caused massive outcry earlier this year. The malware is distributed through a new file extension called “.diablo6”. Further, a new variant adds the extension “.Lukitus” to encrypt files. Lukitus is the french word for locking,” the Crime Branch said in a statement.
“A large number of Ransomware attacks have been reported these days. These malwares infect computers with sophisticated attack vector. The preventive measures suggested will mitigate the threats of Locky ransomware. In case of any assistance on the subject, IT Lab EG&IT Division may be contacted at 011-49015221 and [email protected],” it added.
Behaviour and Features of Ransomware:
Locky ransomware spreads through the help of spam emails containing a malicious ZIP attachment. These zip file attachments contain Visual Basic Scripts (VBS) embedded in a secondary zip file. The VBS file contains a downloader leading to domain “greatesthits[dot]mygoldmusic[dot]com.”
The e-mail messages contain common subjects “please print”, “documents”, “photo”, “images”, “scans” and “pictures”, if these attachments are opened a variants of Locky ransomware gets downloaded automatically on the computer and desktop background of computer changes and shows an HTM file named “Lukitus[dot]htm”. Users are instructed to pay a ransom of 0.5 Bitcoin, which is equivalent to Rs 1.5 lakh. Victims are instructed to install the Onion Router Network (TOR) browser, which takes users to a decryption service if they pay the ransom.
Mitigation and Prevention:
- Avoid opening attachments in emails from untrusted sources.
- Avoid opening links in email and chat windows from untrusted sources. Sometimes an infected machine may send links to all contacts found in the email/chat application, which would appear to the destination as if coming from a trusted contact.
- Keep anti-virus up to date to avoid other infections that may bring the ransomware to machine.
- Disable macros in Microsoft Office products.
- Keep the operating system third party applications (MS Office, browsers, browser plugins) up-to-date with the latest patches.
- Follow safe practices when browsing the web. Ensure the web browsers are secured enough with appropriate content controls.
- Regularly backup important data.