Locky Ransomware Trend

Dermot SmythSecurity and Compliance Officer
A phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails.


phishing scam that claims a recipient’s credit card details have been “suspended” is the latest trend in spoof emails. Cyber criminals are using social engineering tactics to spread fear among  business owners by attaching Locky malware to phishing emails.

The large cluster of  spam email was highlighted by researcher  Graham Cluley, who not only spotted a trend in credit card suspension phishing emails but with false parcel delivery notifications also. These fraudulent emails are designed to dupe users into clicking on rogue zip file attachments. We have also seen this trend within our quarantine  (see examples below).

If the attachment is opened, a remote version of Locky is downloaded from a remote server from one of five URLs which is then saved in a temporary folder. Once the attachment is clicked, the virus is executed without any further user interaction.

Locky is a form of ransomware that encrypts and compromises a users data until a ransom fee is paid. If the ransom is not paid, the user will lose their data.

A legitimate body will never under any circumstances ask for a users bank details, so be on high alert if you do receive an email from one that does ask. Ignore the email and phone the supposed source to confirm the emails validity. Along with that, be highly suspicious of emails that include attachments or links, it is highly unlikely any legitimate body will ever include one of either in an email, if they do, make sure to hover over the link or attachment to see where it directs you to.

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.