One of the most successful ‘families’ of ransomware- Locky- has resurfaced in the form of two email spam campaigns. These spam emails contain file encrypting malware and if the user downloads the attachment he/she will lose access to their computer files and be prompted to pay a ransom in order to retrieve file access. It is important for you and all of your employees to stay vigilant against these attacks.

More about Locky and its variants

Locky is malware that was released in 2016. It is delivered through email usually in the form of an invoice requiring payment, with an attached Microsoft Word doc that contains instructions to enable malicious macros.

Diablo6- The Diablo6 variant uses the body content “Files attached. Thanks” and the sender’s email address usually has the same domain as the recipient’s.

Lukitus- This Locky variant is usually an email with subject line, “PAYMENT.” and says something like, “IMPORTANT INFORMATION! All of your files are encrypted with RSA-2048. Decrypting is only possible with the private key and decrypt program on our server.”

In addition for watching out for emails containing similar information, you should also:

• Keep your patching up to date.
• Backup your files.
• Be diligent in end-user training.

*Note- The examples of the text being sent in these spam emails can change at any time. These messages are what is being sent as of this writing, but spammers will often introduce variants of their attack emails in order to see which ones work best. If you get an email that you think is suspicious but it uses different language than you have read in this article, that is not proof that the message is safe. Remain vigilant and be careful of any emails from a sender that you do not know.

For more information on Locky and ways to safeguard your company, consult Envision Technology Advisors’ recent blog, “Ransomware Alert – ‘Diablo’ and ‘Lukitus’ Variants of Locky Malware” or reach out to our Information Services Team.