The ‘Locky’ ransomware, once considered almost defunct, was distributed in over 23 million emails sent to the US workforce in just 24 hours on August 28, zdnet.com reported.
The emails carried subject lines such as “please print”, “documents” and “scans”.
Researchers at US-based cybersecurity firm AppRiver, who discovered the new campaign, say it represents “one of the largest malware campaigns seen in the latter half of 2017”.
According to the report, the malware payload was hidden in a zip file containing a Visual Basic Script (VBS) file which, once clicked, downloads the latest version of Locky ransomware (the recently spotted Lukitus variant) and encrypts all the files on the infected computer.
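The delivery pattern described above, a zip attachment carrying a VBS file, is something a mail gateway can check for by opening the archive rather than trusting its name. The following is an added example, not code from the report or from AppRiver; the function names, the script extensions other than `.vbs`, and the sample messages are constructed assumptions.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .vbs is the type the report names; the other extensions are an assumption
# that generalizes the check to similar double-click script formats.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".hta"}
# Subject lines quoted in the report.
LURE_SUBJECTS = {"please print", "documents", "scans"}


def scan_message(raw: bytes) -> dict:
    """Report script files found inside zip attachments of one raw email."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    hits = []
    for part in msg.iter_attachments():
        buf = io.BytesIO(part.get_payload(decode=True) or b"")
        # Decide by content, not by the declared filename or MIME type.
        if not zipfile.is_zipfile(buf):
            continue
        with zipfile.ZipFile(buf) as zf:
            for name in zf.namelist():
                if os.path.splitext(name)[1].lower() in SCRIPT_EXTS:
                    hits.append((part.get_filename(), name))
    return {"subject_is_known_lure": subject in LURE_SUBJECTS,
            "script_members": hits, "quarantine": bool(hits)}


def build_sample(subject: str, member: str, body: bytes) -> bytes:
    """Constructed test email with one zip attachment holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, body)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
    msg.set_content("see attached")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="scan_001.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    # Constructed sample: the archive member is a harmless placeholder.
    print(scan_message(build_sample("Scans", "scan_001.vbs", b"' placeholder")))
```

The quarantine decision rests on the archive contents alone; the subject match is reported separately because such generic subject lines also appear in legitimate mail.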
Victims are presented with a ransom note demanding 0.5 bitcoin ($2,300) to pay for “special software” in the form of a “Locky decryptor” in order to get their files back.
Instructions on downloading and installing the Tor browser and how to buy Bitcoin are provided by the attackers in order to ensure victims can make the payment.
Locky rose to prominence in 2016 following a number of high-profile infections and at one point became one of the most common forms of malware in its own right.
However, Locky’s position was later usurped by Cerber. This sudden resurgence shows that it remains very much a threat, especially as there is no free decryption tool available to victims, the report said.