Comodo researchers found a new ransomware campaign that targeted tens of thousands of recipients with a bare email containing only an attachment and no message text. The attachment is named E 2017-08-09 (xxx).xxx, where the number in parentheses and the file extension differ with each email.
When the attachment is opened, a new Locky ransomware variant named IKARUSdilapidated is downloaded.
“Named for the appearances of ‘IKARUSdilapidated’ in the code string, it is clearly related to the ‘Locky’ Trojan and shares some of its characteristics,” the researchers note. “As a new malware variant, it is read as an ‘unknown file’ and is allowed entry by organizations not using a ‘default deny’ security posture (which denies entry to all unknown files until it is verified that they are ‘good’ files and are safe to have enter the IT infrastructure).”
The attachment opens as unreadable, scrambled content and carries the prompt "Enable macro if data encoding is incorrect." This is a social engineering lure: enabling macros runs a binary that downloads the encryption Trojan.
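The two observable traits described above, an attachment-only email with an empty body and an attachment named after the campaign pattern, are enough to write a simple mail-gateway triage check. The following is an added example, not code from Comodo or from the article; it uses only the Python standard library, the regular expression that generalises the "E 2017-08-09 (xxx).xxx" naming is an assumption, the list of macro-capable extensions is illustrative, and both sample messages are constructed here rather than captured from the campaign.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Filename pattern from the campaign description, "E 2017-08-09 (xxx).xxx", where the
# number in parentheses and the extension vary per email. The regex generalises that
# description and is an assumption of this example.
CAMPAIGN_NAME = re.compile(r"^E \d{4}-\d{2}-\d{2} \(\d+\)\.[A-Za-z0-9]{1,5}$")

# Extensions that can carry VBA macros or scripts. Assumed list for illustration.
MACRO_EXTS = {"doc", "docm", "dot", "xls", "xlsm", "ppt", "pptm", "rtf",
              "js", "vbs", "wsf"}

# The lure text quoted in the article, searched as ASCII and as UTF-16LE
# (Word stores much document text as UTF-16).
LURE_PHRASE = "enable macro if data encoding is incorrect"
LURE_PATTERNS = (LURE_PHRASE.encode("ascii"), LURE_PHRASE.encode("utf-16-le"))


def body_is_empty(msg):
    """True when the message has no readable text or HTML body."""
    body = msg.get_body(preferencelist=("plain", "html"))
    return body is None or not body.get_content().strip()


def score_message(msg):
    """Return (score, reasons) for one parsed message; score == len(reasons)."""
    reasons = []
    attachments = list(msg.iter_attachments())
    if not attachments:
        return 0, reasons
    if body_is_empty(msg):
        reasons.append("attachment-only email with empty body")
    for part in attachments:
        name = part.get_filename() or ""
        if CAMPAIGN_NAME.match(name):
            reasons.append(f"filename matches campaign pattern: {name}")
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in MACRO_EXTS:
            reasons.append(f"macro-capable attachment type: {name}")
        # bytes.lower() only touches ASCII letters, so the UTF-16LE pattern still matches.
        payload = (part.get_payload(decode=True) or b"").lower()
        if any(p in payload for p in LURE_PATTERNS):
            reasons.append(f"macro-enable lure text found in {name}")
    return len(reasons), reasons


def analyze_raw(raw):
    """Parse an RFC 5322 message from bytes and score it."""
    return score_message(email.message_from_bytes(raw, policy=policy.default))


def make_lure_sample():
    """Constructed stand-in for a campaign email: empty body, one attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "E 2017-08-09 (734)"
    msg.set_content("")
    # The real attachments were Office documents; this payload is constructed text.
    msg.add_attachment(b"...Enable macro if data encoding is incorrect...",
                       maintype="application", subtype="msword",
                       filename="E 2017-08-09 (734).doc")
    return msg.as_bytes()


def make_benign_sample():
    """Constructed ordinary email with a body and a PDF attachment."""
    msg = EmailMessage()
    msg["From"] = "colleague@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Quarterly report"
    msg.set_content("Hi, the report we discussed is attached.")
    msg.add_attachment(b"%PDF-1.4 constructed placeholder",
                       maintype="application", subtype="pdf",
                       filename="quarterly_report.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for raw in (make_lure_sample(), make_benign_sample()):
        score, reasons = analyze_raw(raw)
        print(score, reasons)
```

The constructed campaign-style message scores 4 (empty body, matching filename, macro-capable extension, lure text) while the ordinary message scores 0. In production the string match on the attachment body is the weakest signal; a real gateway would hand Office attachments to a VBA extractor such as olevba, and would treat a non-zero score as a reason to quarantine the message rather than to let an unknown file through, which is the default-deny posture the researchers describe.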
Comodo-protected endpoints detected more than 62,000 of these phishing emails on 9, 10 and 11 August. The messages were sent from about 11,000 IP addresses in 133 different countries.
“This quantity of servers can only be used for a specific task if they are formed into a large bot network (or botnet), and have a sophisticated command and control server architecture,” the researchers note.
According to Kaspersky, Locky and its variants have been the most profitable form of ransomware.
“Ransomware is here to stay, and we will have to deal with it for a long time to come,” Google senior strategist Kylie McRoberts said.
Tripwire principal security researcher Travis Smith said that sending such emails is a profitable method.
“For ransomware, the attacker just needs one low-level employee to click a link or open an attachment,” he said.
“That one click then allows them to immediately be paid hundreds, if not millions, of dollars in nearly anonymous cryptocurrency,” Smith added.
____________________________________________________________________________________________
Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by Check Point and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.