"Locky Ransomware Attack" 20 Million Users Are Infected In A Day

Barracuda Advanced Technology Group (BATG) has identified an ‘aggressive’ Locky ransomware threat launched in about 20 million attacks on the very first day, and the campaign seemingly has only just started.

On Tuesday, BATG stated that it was ‘actively monitoring an aggressive ransomware threat that appears to come in the largest volume from Vietnam,’ while the number of attacks was rapidly ‘growing.’ According to the blog post, India, Colombia, Greece, and Turkey are other prominent targets of attackers, but the volume of attacks is comparatively low in these regions.


Reportedly, around 6,000 fingerprints have been discovered, suggesting that the attacks are generated automatically through a template that can randomize portions of the files. The payload file and the domain names used to download secondary payloads change continually, probably to evade anti-virus software.

Moreover, BATG researchers have found a variant of Locky ransomware with a single identifier, which means that even if the ransom is paid, the victim will not receive a decryptor key to reclaim the encrypted data.

BATG researchers also noted that the malware checks the language files on the victim's computer, so it can be speculated that this mechanism is embedded in order to produce a more ‘internationalized version’ of this attack later on.


Locky ransomware appears to be back in action: we recently reported on a campaign discovered by security firm AppRiver in which the attackers managed to launch 23 million attacks. In that campaign too, the infected attachments were delivered to unsuspecting users across the United States through emails with a simplistic subject line that read: ‘Download it Here’ followed by the sender’s name.