Locky file virus, or Locky ransomware, is being spread once again in the wild, Cisco researchers warn. A new spam campaign has been detected, and even though its scale is small, users should be prepared for ransomware.
Cisco has just come across approximately a thousand Necurs spam email messages carrying the Locky crypto virus. The number may not be as big as in previous spam floods, but it is surely an indication of future Locky ransomware activity.
When Locky first appeared at the beginning of 2016, its infections literally skyrocketed. Back then, many hospitals in Japan and the US were seriously compromised. The spam campaigns and the consequent infections even surpassed the activity of Dridex, which is known for very aggressive spam behavior.
More About the Necurs Botnet
Necurs is a botnet that uses spam emails to infect user systems. The botnet usually infects systems with ransomware. Around June 1st, 2016, the botnet virtually stopped all its activities. The inactivity of Necurs marked a decrease in malicious email spam. Later in 2016, Necurs was back once again.
Interestingly, while Necurs was pulled from the malware scene, there was a significant decrease in spam campaigns. Moreover, the botnet was down for some time because its authors were aiming at making it more sophisticated. As it was frequently used, more and more security measures were able to detect and neutralize it.
Necurs Botnet and Locky File Virus in 2017
The Locky virus and the Necurs botnet have joined forces once again. Cisco has seen a small uptick in such infections, not more than a thousand spam messages containing the Locky payload. Attacks may not be as frequent and widespread as we have seen before, but this may just be the beginning of a series of serious Locky infections. Organizations of various types may be hit, as well as home users.
“Since late December we haven’t seen the typical volume of Locky, however, a couple of days ago we finally started seeing some spam campaigns start delivering Locky again,” Cisco’s team of experts said.
“The key difference here is around volume. We typically would see hundreds of thousands of Locky spam, [and now] we are currently seeing campaigns with less than a thousand messages.
“With both of these campaigns being relatively low volume these could be one offs or indicators of changes to come to the campaigns in the future.”
How to Recognize 2017 Necurs Spam Locky Campaign?
Researchers report that one of the attacks carrying Locky as the payload distributed it in an attachment zipped twice, in email messages that had no subject or body text. Alongside Locky, another piece of malware is delivered – the Kovter Trojan employed for ad-click fraud campaigns.
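The traits reported above (no subject, no body text, an attachment zipped twice) can be combined into a mail-filter heuristic. The following is an added example, not code from Cisco or from the original article; the function names, the member size cap and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_MEMBER = 10 * 1024 * 1024  # assumed cap on inner member size (zip-bomb guard)

def is_double_zipped(data: bytes) -> bool:
    """True if data is a ZIP archive with another ZIP archive inside it."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as outer:
        for info in outer.infolist():
            if info.file_size > MAX_MEMBER or info.flag_bits & 0x1:
                continue  # too large or encrypted: cannot be inspected here
            if zipfile.is_zipfile(io.BytesIO(outer.read(info))):
                return True
    return False

def matches_reported_traits(raw: bytes) -> bool:
    """Empty subject, empty body, and at least one twice-zipped attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip()
    body_part = msg.get_body(preferencelist=("plain", "html"))
    body = body_part.get_content().strip() if body_part else ""
    if subject or body:
        return False
    return any(is_double_zipped(part.get_payload(decode=True) or b"")
               for part in msg.iter_attachments())

def make_zip(name: str, content: bytes) -> bytes:
    """Build an in-memory ZIP with one member (used for constructed samples)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, content)
    return buf.getvalue()

def build_sample(subject: str, body: str, attachment: bytes) -> bytes:
    """Constructed test message; addresses and file names are placeholders."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    if subject:
        msg["Subject"] = subject
    if body:
        msg.set_content(body)
    msg.add_attachment(attachment, maintype="application", subtype="zip", filename="doc.zip")
    return msg.as_bytes()
```

A match is a triage signal for quarantine and review, since legitimate mail can occasionally share these traits.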
To stay protected against ransomware, install a strong anti-malware program and back up your files regularly.