Locky Returns via Spam and Dropbox-Themed Phishing Attacks

Massive Ransomware Campaign Flings 23 Million Emails in Just 24 Hours

A massive Locky ransomware campaign has been infecting devices via malware-laced spam messages as well as through fake Dropbox phishing pages. More than 23 million Locky spam emails have been seen in just one 24-hour period.

A new attack campaign has been flinging phishing messages as well as ransomware-laced spam emails at potential victims in massive quantities.

The attack campaign involves crypto-locking Locky ransomware.

“Beware. Don’t fall for this. Locky is horrid,” says Alan Woodward, a computer science professor at the University of Surrey.

The campaign began Monday, according to cloud-based cybersecurity provider AppRiver, which counted more than 23 million related spam emails sent in less than 24 hours. That makes it “one of the largest malware campaigns that we have seen in the latter half of 2017,” says Troy Gill, manager of security research for AppRiver, in a blog post.

Finnish security firm F-Secure says that the majority of the spam messages that its systems are currently blocking relate to Locky. It notes that some spam contains links to infected sites, while other messages carry malicious attachments.

If a system becomes infected with this strain of Locky, crypto-locked files will have the extension “.lukitus” added, which is a Finnish word variously translated by native speakers as “locking” or “locked,” according to F-Secure.
