New Locky Ransomware Released
There seems to be a new Locky ransomware phishing attack released this past week.
The emails claim to be “credit card suspended” or “suspicious money movement” warnings.
Graham Cluley reports:
“In the last few days there have been a spate of spammed-out attacks using similar techniques to dupe unwary internet users into clicking on an attachment that will lead to their Windows PC being infected with the notorious Locky ransomware.”
This attack is now using threats claiming that there have been “suspicious movements” of funds out of your bank account and/or that your credit card account has been suspended.
Here are a couple of examples of the phishing emails being received:
1. “Suspicious movements” email:
2. “Suspended card” email:
Attached to the email is a ZIP file containing a malicious Javascript file (.JS) that, once opened, downloads that most recent version of the Locky ransomware from a remote server.
The Locky CyberCriminals are extremely well-organized, and highly automated. They change the names and contact details used in these phishing emails, so you cannot rely on them being the same. Ransomware is CyberCrime’s most successful and lucrative business model, so you can count on the threat being around for a long time.
Leave a Reply