Locky ransomware's email campaigns

Just when organizations were starting to feel safe after WannaCry and Petya, security experts have detected another serious ransomware attack in the form of a massive email campaign: Locky.

According to security researchers at AppRiver and Comodo, Locky’s first campaign, launched in late August 2017, sent an estimated 23 million emails in just 24 hours; its second campaign has sent over 62,000 emails. Both campaigns have primarily targeted users in the United States.

The first email campaign used an attached Visual Basic Script (VBS) file to spread Locky. Once victims download the VBS file, Locky starts encrypting the files on their system. Following this first email campaign, Locky reportedly demanded $2,150 in ransom to decrypt victims’ files.

Locky’s second email campaign used a phishing attack, taking advantage of 11,625 different IP addresses from 133 countries. This campaign followed the same VBS workflow as the first wave of attacks, but demanded a ransom between $2,311 and $4,623.

No decryption methods have been found for Locky ransomware yet, so security professionals strongly recommend that enterprises take preventive measures to avoid potential breaches.

In general, there are three simple ways to escape ransomware threats:

  • Beware of phishing emails.
  • Back up your data regularly.
  • Keep your systems updated.

If updating your systems across your network seems tiresome, you can employ a desktop management solution to make patch management a bit easier.

Our very own Desktop Central can help you manage your desktops, laptops, and servers from a central location. Update your operating systems and business applications, or even remotely troubleshoot users’ machines, all without skipping a beat. 

Download Desktop Central now and stop worrying about new ransomware threats.