Locky was reported as a destructive ransomware that was infecting computers belonging to healthcare facilities and hospitals in the United States, New Zealand, and Germany. Earlier this year, a ransomware attack of unknown origin targeted Hollywood Presbyterian Medical Center in Central California, which reportedly cost approximately 9000 in bitcoins.
Even though reports were not clear about how the ransomware spread, Invincea’s reports show that phishing emails are the source of this attack, using a weaponized document with a ransomware payload.
At the end of 2015, according to a report by Invincea, organizations were more likely to be targeted by a weaponized document than by any other attack. The statistics show the frequency of different attacks in the 4th quarter of 2015.
While it is unknown what specific ransomware was used at Hollywood Presbyterian Medical Center, a crypto-ransomware dubbed “Locky” was observed using an uncommon distribution method. We heard about this destructive ransomware earlier this year. Locky was quickly spreading and affecting millions. Locky and other ransomware are often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unintentionally visits an infected website and malware is then downloaded and installed without the user’s knowledge.
According to Kaspersky Lab security reports, after massive destruction earlier this year, Locky ransomware was almost inactive for 3 weeks in the month of June. The statistics show that Locky ransomware is active again and is once more a rising threat for businesses.
In the first quarter of 2016, Kaspersky Lab security solutions handled 372,602 ransomware attacks on users, 17 percent of which targeted the corporate sector. The number of victims increased by 30 percent compared to Q4 2015.
One of the best-known ransomware families in Q1 2016 was Locky; Kaspersky Lab products detected attempts to infect users with this Trojan in 114 countries. The countries targeted with Locky spam emails are mainly Japan, the USA and South Korea.
Trustwave SpiderLabs said that 18 percent of 4 million spam messages it collected in the month of February were ransomware-related, including many linked to Locky, which was spreading aggressively. For a while in the month of June it almost stopped, but it has become active again.
Locky ransomware is persistently rising and affecting many companies and individuals, who are paying off attackers in the millions.
Countries like the United States, South Korea and Japan are on the hit list of this Locky ransomware attack so far. Many other countries have also observed this attack and are working to prevent any loss.
In response to the sudden comeback of Locky and the rise in other ransomware attacks, the United States Department of Homeland Security (DHS), in collaboration with the Canadian Cyber Incident Response Centre (CCIRC), has issued an alert to their citizens so that they can prevent these types of attacks.
The attackers are smart enough to trick users into opening their infected attachment files and generated links, so it is quite hard to prevent users from being affected. However, many security solution providers are working to block such files and links before they are sent over email.