
Scam of the Week – Locky Ransomware

Locky ransomware is nothing new, with many different variations coming out all the time. Even last week we noted how it has now become a problem for Android users.

As the means by which it spreads become more and more sophisticated, the latest method of distributing the ransomware uses a phishing email complete with a compromised Word document in the form of an invoice.

This strain of the scam was first spotted by the people at the Internet Storm Centre (SANS), who noticed that it leverages a vector in Word documents that uses Microsoft Dynamic Data Exchange (DDE), a feature that lets Office applications load data from another Office file.

The phishing messages carrying this attack come from the Necurs botnet. You may have heard of it before: it’s been around for about 5 years and has been named one of the largest botnets in the world. It contains some 6 million zombie endpoints, and delivers some of the worst trojans and ransomware threats to millions of emails at a time.

It works by using a fake invoice (the compromised Word file) to convince recipients to click ‘OK’ through security warnings. Once the victim has clicked ‘OK’, the poisoned document fetches a downloader that pulls a copy of Locky to decrypt at the target.

Once the ransomware has launched and encrypted the victim’s hard drive, Locky is deleted, with the downloader left behind, and a demand for 0.25 Bitcoin (about £1200 currently) is issued.
