sb-as logo
Story image

New wave of Locky ransomware appears to come from Vietnam

22 Sep 2017

Researchers from Barracuda Advanced Technology Group have spotted what they are calling an ‘aggressive’ ransomware threat that appears to originate from primarily from Vietnam.

As of September 19, researchers had seen 27 million distribution attacks in just 24 hours. In later updates, the company identified it as a variant of the notorious Locky ransomware.

The ransomware is hidden in an email appearing to be from ‘Herbalife Nutrition’ or in a generic email that looks like a ‘copier’ file delivery, researchers say. All use fake source email addresses.

While Vietnam is the biggest attack source, other major sources include India, Columbia, Turkey and Greece.

Researchers say that there are 6000 fingerprints, which suggests that the email are automatically distributed through a template that randomizes files.

The Locky variant uses a single identifier, which allows attackers to match victims against their ransom payments. The problem is that all victims get the same identifier, making it impossible for attackers to provide the right decryptor. In which case, there may be no way for victims to get files back.

Researchers also say the attack also analyses the victim’s computer language files, suggesting that it may lead to a global attack in future.

“The attack is continuing at the same pace as it has been throughout the campaign,” researchers note.

In an update on September 21, researchers noticed two new methods of attack and were spotting more than one million attacks per hour.

“The first impersonates a voicemail message, using the subject line 'New voice message [phone number] in mailbox [phone number] from ['phone number'] [<alt phone number>].'   At this time the domain in the body of the email is not returning suspicious activity. The bulk of this attack originated in Serbia,” researchers state.

They also noted that another method included a spoofed domain from marketplace.amazon.uk.

The company is keeping an eye on the attacks.

Story image
Video: 10 Minute IT Jams - Radware VP on the challenges of cloud security
In this interview, Techday speaks to Radware vice president of technologies Yaniv Hoffman, who discusses the primary challenges facing IT organisations in terms of their cloud security apparatus.More
Story image
Cybercriminals influencing financial markets, report finds
The financial sector is being targeted by cybercrime cartels and nation-states, and the bank heist has evolved significantly — from a heist to a hostage situation.More
Story image
Aruba updates edge security platform with SD-WAN capabilities
Aruba’s latest iteration of its Edge Services Platform (ESP) has been quick to make use of HPE’s acquisition of Silver Peak in September last year.More
Story image
Attivo Networks expands Active Directory suite for greater protection
"We see Active Directory exploitation used in the majority of ransomware, insider and advanced attacks. We are pleased to now offer our customers early and efficient solutions for preventing the misuse of Active Directory.”More
Story image
97% of organisations experienced a mobile threat in 2020 — report
93% of these attacks originated in a device network, which includes attempts to trick users into installing a malicious payload via infected websites or URLs, or to steal users’ credentials.More
Story image
Mobile devices biggest enterprise security threat - report
Businesses have left themselves vulnerable and open to cyber criminals in the rush to ensure their workforce could operate remotely during the Covid-19 pandemic.More