Bhubaneswar: The Crime Branch on Saturday circulated an advisory issued by the Centre warning citizens of the spread of a ransomware called Locky. The advisory said that reports of a new ransomware, Locky, have surfaced and that it is designed to block the data on computers and demand money from users for unblocking it. The alert pointed out that Locky is similar to the WannaCry ransomware, which had struck several parts of the world a couple of months back. The ransomware is being spread through a new file extension called ‘diablo6’.
A new variant then adds the extension ‘Lukitus’ to encrypt the files. Lukitus is a French word which means locking. Locky malware spreads through spam mails containing a malicious ZIP attachment. These ZIP attachments contain Visual Basic scripts (VBS), which are embedded in a secondary ZIP file. The VBS files contain a downloader leading to the domain greatesthits(dot)mygoldmusic(dot)com. The e-mail messages carry common subjects like please print, documents, photos, images, scans and pictures.
If these attachments are opened, variants of Locky ransomware get downloaded automatically, following which the desktop backgrounds of the computers change and display an HTM file named Lukitus(dot)htm. The users are then asked to pay a ransom of 0.5 Bitcoin, which is equivalent to ₹1.5 lakh. If the ransom is paid, the users are instructed to install the Onion Router Network (ORN) browser, which leads to a decryption service. The advisory advised users to avoid opening attachments in emails from unknown sources and to avoid opening links in emails and chat windows from unknown sources.
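The delivery pattern described above (a script file inside a ZIP that is itself inside the ZIP attachment) can be checked at a mail gateway before a user opens anything. The following is an added example, not part of the advisory: the function names, the extension list beyond VBS, the size limit and the sample archives are all assumptions made for illustration.

```python
import io
import zipfile

# Assumed blocklist: the advisory names VBS; the other script types are an assumption
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".wsf")
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # skip members whose declared size is larger
MAX_DEPTH = 3                        # stop recursing into deeply nested archives

def find_scripts(data, path="", depth=0):
    """Return (path, depth) for every script file, recursing into nested ZIPs."""
    hits = []
    if depth > MAX_DEPTH:
        return hits
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a ZIP (or corrupt): nothing to report
    with zf:
        for info in zf.infolist():
            name = path + info.filename
            lower = info.filename.lower()
            if lower.endswith(SCRIPT_EXTS):
                hits.append((name, depth))
            elif lower.endswith(".zip") and info.file_size <= MAX_MEMBER_BYTES:
                try:
                    inner = zf.read(info)
                except (RuntimeError, zipfile.BadZipFile):
                    continue  # encrypted or damaged member: cannot inspect
                hits += find_scripts(inner, name + "!", depth + 1)
    return hits

def should_quarantine(data):
    """Flag an attachment when a script sits inside a nested ZIP (depth >= 1)."""
    return any(depth >= 1 for _, depth in find_scripts(data))

def _make_zip(members):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()

# Constructed samples: harmless placeholder bytes, not real malware
INNER = _make_zip({"scan_0001.vbs": b"' placeholder"})
SUSPICIOUS = _make_zip({"scan_0001.zip": INNER})
BENIGN = _make_zip({"photos/holiday.jpg": b"\xff\xd8\xff", "notes.txt": b"hello"})

if __name__ == "__main__":
    for label, blob in (("suspicious", SUSPICIOUS), ("benign", BENIGN)):
        print(label, find_scripts(blob), should_quarantine(blob))
```

Encrypted inner archives are skipped here because they cannot be inspected; a gateway may choose to hold those for manual review instead.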