
Security giant Kaspersky Lab says the recently uncovered ransomware Trojan Locky is spreading like wildfire, to date having successfully attacked organisations in 114 countries.
South Africa has experienced the sixth-highest number of attacks at 220, says Kaspersky. Analysis of the samples reveals that Locky is a brand new threat, written from scratch, but behaves in a typical manner, exhibiting no real differences from other ransomware families in terms of its makeup or principles of operation.
The Trojan encrypts the user's files, then displays a message with the attacker's ransom demands. It is spread through mass mailings with malicious loaders attached to the spam messages. The messages contain an attached DOC file with a macro that downloads the Locky Trojan from a remote server and executes it once the user is prompted to click on the link. It then reads the data and continues infecting the user's system.
Fedor Sinitsyn, senior malware analyst at Kaspersky Lab, says the company has seen a rise in this type of threat, and that ransomware is on the way to becoming one of the fastest-growing classes of malware.
"Our research shows that crypto-trojans carry out attacks in practically all regions of the world. Among other Trojans, Locky caught our attention because it was so active and spread so pervasively and quickly. We also noticed that the attacks weren't partial to any particular region, where we have received notifications about attacks in over 114 countries across all continents - no other ransomware Trojan to date has targeted so many countries at once".
According to Sinitsyn, there are steps users can follow to guard against Locky at the various stages of the attacks.
Firstly, install and regularly update anti-virus software products, as AV remains a good first line of defence, and has already blocked Locky attacks in over 100 countries globally.
He also advises against opening attachments in e-mails from unfamiliar senders. "Back up files on a regular basis and store the backup copies on removable storage media or in cloud storages - not on your computer."
Next he says to keep your machine updated by regularly running updates for antivirus databases, operating systems and any other software that might be installed on the computer. Finally, Sinitsyn advises creating a separate network folder for each user when managing access to shared network folders.