No incidences of Locky ransomware attacks in India yet: Trend Micro

CERT recently issued an alert on the spread of Locky ransomware. The ransomware encrypts a victim's files and demands a hefty ransom in order to decrypt them. Trend Micro assures that there have been no reported incidences of the Locky ransomware in India yet.

Published Date
05 - Sep - 2017
| Last Updated
05 - Sep - 2017
 
No incidences of Locky ransomware attacks in India yet: Trend Mic...

India’s Computer Emergency Response Team (CERT) issued an alert last weekend as a malware named “Locky” was spreading through spam mails on the internet. However, cyber security firm Trend Micro said on Monday that no incidences of Locky have been reported in India till now.

As per a statement by Trend Micro, the Locky ransomware is not likely to affect systems on the same scale as Petya or WannaCry ransomware as they relied on a Windows XP vulnerability. Sharda Tickoo, Technical Head, Trend Micro India, said in a statement, “So far, there haven't been any cases of Locky ransomware reported in India or across geographies, but we are getting inquiries from customers and Trend Micro's support team is helping out in resolving them. For addressing this malware, Trend Micro has its protection in place with suspicious and bad URLs being blocked. There are technologies wherein such embedded macros and file scripts can be detected and deleted.”

Tickoo also pointed out the difference between Locky and other ransomwares. She explained that Petya and WannaCry malwares were able to exploit and spread using Microsoft’s Windows XP vulnerability. However in Locky’s case, the ransomware is being spread through Visual Basic (VB) or JavaScript codes along with zip attachments through emails, so there is a high chance of this malware evading detection. As the malware makes use of scripts instead of executables, it can be run on any computer and can virtually affect anyone.

On keeping safe from the ransomware, she advised, "Since this particular malware arrives through email compressed attachment and through hidden Visual Basic (VB) / JavaScript, we have to ensure that email as a channel is widely protected. We are trying to build a ransomware strategy with two best practices - first is to start with fortifying email defense mechanisms and second is to delete the VB or JavaScript if it is not used in machines."

Last weekend, CERT issued an alert saying that a spam campaign containing Locky ransomware has been started and over 23 million emails and messages have been sent with the ransomware attached. The spam messages contain common subjects like "please print", "documents", "photo", "Images", "scans" and "pictures”. CERT also warned that the spam email attachments contain the malicious ransomware codes and users need to be wary of any emails that seem suspicious.