Govt issues alert for email-based Locky ransomware
New Delhi: The Indian Computer Emergency Response Team (CERT-In) on Saturday issued an alert on its website about an email-based ransomware, Locky, which is in circulation through over 23 million messages. The ransomware, which spreads through spam mails, scrambles the contents of a computer or server and demands payment in bitcoins to unlock it.
According to the alert, the messages contain common subjects like “please print”, “documents”, “photo”, “Images”, “scans” and “pictures”.
“The messages contain ‘zip’ attachments with Visual Basic Scripts (VBS) embedded in a secondary zip file. The VBS file contains a downloader which polls to the domain ‘greatesthits[dot]mygoldmusic[dot]com’ (please do not visit this malicious website) to download variants of Locky ransomware,” said the advisory.
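The delivery structure described in the advisory, a script file placed inside a zip that is itself inside the zip attachment, is something a mail gateway can check for before delivery. The following is an added example, not code from CERT-In or from the original article; the extension list beyond `.vbs`, the depth and size limits, and the sample file names are assumptions made for illustration.

```python
import io
import zipfile

# Assumption: .vbs is the type named in the alert; the other extensions are
# added here as script types that Windows Script Host also runs.
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf")
MAX_DEPTH = 3                       # assumed limit on archive nesting
MAX_MEMBER_BYTES = 5 * 1024 * 1024  # assumed cap on a nested archive's declared size


def scan_zip(data, depth=0, prefix=""):
    """Return (scripts, unscanned): script members as (path, depth), and nested
    archives left unopened (encrypted, too large, too deep or corrupt)."""
    scripts, unscanned = [], []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return scripts, ([prefix] if prefix else [])
    with archive:
        for info in archive.infolist():
            path = f"{prefix}/{info.filename}" if prefix else info.filename
            name = info.filename.lower()
            if name.endswith(SCRIPT_EXTS):
                scripts.append((path, depth))
            elif name.endswith(".zip"):
                if depth >= MAX_DEPTH or info.file_size > MAX_MEMBER_BYTES:
                    unscanned.append(path)
                    continue
                try:  # read() raises RuntimeError on encrypted members
                    inner = scan_zip(archive.read(info), depth + 1, path)
                except (zipfile.BadZipFile, NotImplementedError, RuntimeError):
                    unscanned.append(path)
                    continue
                scripts.extend(inner[0])
                unscanned.extend(inner[1])
    return scripts, unscanned


def build_sample(with_script):
    """Constructed test attachment: outer zip -> inner zip -> one file."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        member = "scan_001.vbs" if with_script else "scan_001.txt"
        z.writestr(member, "' constructed placeholder, contains no code\n")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("scans.zip", inner.getvalue())
    return outer.getvalue()
```

A gateway would block or quarantine any attachment for which `scripts` is non-empty, and hold for review anything listed in `unscanned`, since an archive that cannot be inspected cannot be cleared.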
CERT-In is the national nodal agency under the ministry of electronics and IT (MeitY), which deals with cyber security threats such as hacking and phishing. The agency is tasked with the collection, analysis and dissemination of information on cyber incidents and even taking emergency measures for handling cyber security incidents.
Users are advised to exercise caution while opening emails and organizations are advised to deploy anti-spam solutions and update spam block lists, the alert added.
CERT-In has listed the malicious domains and IPs that it advises be blocked. It has also listed the preventive measures that users and administrators are advised to take to protect their computer networks from ransomware attacks.
It is also reported that a spam campaign, showing links to fake Dropbox sites, is being used to spread Locky variants, the alert added.
In February 2016, CERT-In had issued a detailed alert on the Locky ransomware, when it first appeared.
In August, IT minister Ravi Shankar Prasad had said in the Lok Sabha that, as per reports of CERT-In, a total of 65 incidents involving ransomware were reported between 2014 and June 2017.