New Delhi, Sep 2: The Indian government on Saturday issued an alert on a new ransomware named ‘Locky’ that can lock computer systems and demand ransom for unlocking them. This malicious software reportedly demands a ransom of half Bitcoin, which is presently equivalent to more than Rs. 1.5 lakh.
The alert was issued on a web portal, Cyberswachhtakendra.gov.in, saying that a new wave of spam emails with common subject lines is spreading variants of Locky Ransomware. To target its users, spams reportedly show links to fake dropbox websites and gain control over the victim’s system.
“Alert regarding spam spreading Locky Ransomware issued today by @IndianCERT…,” Electronics and IT Additional Secretary Ajay Kumar tweeted.
The messages contain common subjects like ‘please print’, ‘documents’, ‘photo’, ‘Images’, ‘scans’ and ‘pictures’.
According to Kumar, as quoted by PTI, “Reports indicate that over 23 million messages have been sent in this campaign. The messages contain common subjects like ‘please print’, ‘documents’, ‘photo’, ‘Images’, ‘scans’ and ‘pictures’. However, the subject texts may change in targeted spear phishing campaigns, the alert stated, which described the severity of the ransomware as “high”.
‘The system infected by Locky Ransomware is getting locked or encrypted with random numbers with “extension [dot] lukitus or [dot] diablo6’, the alert stated. The instructions contain an installation of ‘a TOR browser and visiting (dot) onion sites and demanding ransom of 0.5 Bitcoins’, it added.
According to PTI, the alert stated,”Users are advised to exercise caution while opening e-mails and organisations are advised to deploy anti-spam solutions and update spam block lists,”
In August, a variant of ‘Mamba’ ransomware returned and the threat was also felt in India. The behaviour of Mamba was reportedly similar to other ransomware like ‘Crysis’ and ‘Erebus Linux’ that leveraged exploits to gain unauthorised administrator-level access to machines.
Mamba spread as an “exe” file with a numeric name like 141.exe. This file was delivered via hacked websites that a victim might visit or an already compromised network.
In May this year, computer systems across the globe saw a series of cyber attacks involving the ransomware ‘WannaCry’. An Assocham PWC report claimed that among more than 100 countries that were hit by WannaCry, India was the third-worst affected.
(With agency inputs)