Locky ransomware attacks again. In addition, this time Locky is doubled up with phishing malware called FakeGlobe.
Locky was discovered at the beginning of 2016. The malware was dispersed mostly through spam emails. Security experts at ProofPoint discovered new attacks related to the Locky malware this spring.
An innovative method is used by cybercriminals to switch between Locky and FakeGlobe. Thus, the Internet security experts are taking actions in order to reduce the threat to internal consumers and business data.
Security professionals at Trend Micro stated that phishing emails were sent in over 70 countries. The majority of false emails were imitating fake invoices for big corporations such as Marketplace, Amazon or Herballife. A fraudulent printer order has also been noticed, according to Security Week.
The fraudulent email includes a link to a .zip file, which directed the script to download the malicious program. Locky and FakeGlobe attacked consumers at the same time on an hourly basis. This technique allows cybercriminals to increase the number of infections.
Researchers noted that they haven’t seen this type of alternative malware rotation method in a long time. Thus, the most common approach is to apply two different techniques, for example, banking Trojans and data stealers.
The innovative malware distribution strategy potentially causes some serious consequences for victims. Trend Micro also added that the malware re-encrypt information and files, victims can lose the access to their data permanently or have to pay the cybercriminals twice.
Barracuda Networks reported that it had detected approximately 20 million attacks in the first twenty-four hours. The number kept increasing rapidly.
It is unknown who is behind the malware. Security researchers at Trend Micro tracked IP addresses of fraudulent email senders – most of them lead to India, Iran, and Vietnam. Unfortunately, 185 different countries were involved in distributing the fraudulent and compromised emails.