23 million emails with Lukitus ransomware were sent in 24 hours

Locky virus developers continue spreading Lukitus ransomware worldwide

Lukitus ransomware distributed via massive email campaign

Locky virus is one of the most widespread ransomware variants in the world[1], and it has a tendency to attack computer users regularly. It keeps disappearing for short periods of time only to reappear and demonstrate improved distribution and infiltration techniques.

Recently, it reappeared with a massive Lukitus virus campaign that distributed over 23 million malware-laden emails to computer users[2].

It seems that Locky’s developers value simplicity, so they do not waste time composing long and convincing messages to potential victims. The subject and the message body of the malicious emails typically contain only a few words or a short phrase inviting the victim to view certain content.

The subject line might contain one of the following phrases/words: “documents,” “pictures,” “scans,” “photo” or “please print.” The message body might contain a phrase such as “Download it here” or “Files attached.”

The file attached to the malicious email is a simple ZIP archive that contains another ZIP file. Once both ZIPs are extracted, the victim finds a VBS file inside.

As soon as the victim unknowingly opens the malicious file to view its contents, the script inside it contacts a compromised domain and downloads Lukitus malware[3] to the victim’s PC. During the encryption procedure, the malicious software marks each file with the .lukitus extension.
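A mail-gateway style check for the delivery pattern described above (short lure subject, ZIP attachment holding a second ZIP with a VBS file inside), added here as an example and not taken from any vendor's tooling. The nesting and size limits, the quarantine policy and the sample message builder are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Subject phrases quoted in the article, lower-cased for comparison.
LURE_SUBJECTS = {"documents", "pictures", "scans", "photo", "please print"}
SCRIPT_EXTS = (".vbs",)              # the article names VBS only
MAX_DEPTH = 3                        # assumed limit on archive nesting
MAX_MEMBER_BYTES = 5 * 1024 * 1024   # assumed cap before inflating a nested ZIP

def find_scripts(data, depth=0, path=""):
    """Return [(member_path, nesting_depth)] for scripts in a ZIP, following nested ZIPs."""
    hits = []
    if depth > MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return hits
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = f"{path}/{info.filename}" if path else info.filename
            if name.lower().endswith(SCRIPT_EXTS):
                hits.append((name, depth))
            elif name.lower().endswith(".zip") and info.file_size <= MAX_MEMBER_BYTES:
                hits += find_scripts(zf.read(info), depth + 1, name)
    return hits

def triage(raw):
    """Assumed policy: hold scripts in a nested ZIP, or any script with a lure subject."""
    msg = message_from_bytes(raw)
    lure = (msg.get("Subject") or "").strip().lower() in LURE_SUBJECTS
    hits = []
    for part in msg.walk():
        fname = part.get_filename() or ""
        if fname.lower().endswith(".zip"):
            hits += find_scripts(part.get_payload(decode=True) or b"", path=fname)
    hold = any(d >= 1 for _, d in hits) or (lure and bool(hits))
    return {"lure_subject": lure, "scripts": hits, "quarantine": hold}

def make_sample(subject, member, nested=True):  # constructed sample message
    def z(name, content):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr(name, content)
        return buf.getvalue()
    inner = z(member, b"constructed placeholder, not a real script")
    m = EmailMessage()
    m["Subject"] = subject
    m.set_content("Files attached.")
    payload = z("inner.zip", inner) if nested else inner
    m.add_attachment(payload, maintype="application", subtype="zip", filename="scans.zip")
    return m.as_bytes()
```

Matching on file names inside the archive means the script is reported without ever being extracted to disk or executed.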

Currently, Locky’s developers are asking for half a Bitcoin as a ransom. At the moment of writing, this is equal to 2223 US dollars.

Locky ransomware disappears only to present upgraded versions of the virus

The malware’s developers slowed down their activities, which resulted in a drop in Locky’s prevalence in the first half of 2017. However, in August 2017 the virus started rampaging on a global scale again with a new and improved version known as Diablo6.

According to Novirus.uk experts[4], Diablo6 ransomware was not very successful, as it was quickly replaced by the Lukitus virus. The first comeback version appeared on August 9th only to be replaced by Lukitus on August 16th.

Why does the ransomware keep disappearing, you might ask? Simply put, Locky’s developers are a well-organized cybercrime gang that plans each step wisely.

As soon as they notice that the ransom payment rate has dropped, they stop wasting time distributing a version of the virus that is no longer successful. Instead, they disappear to develop new updates and attack computer users with more sophisticated and unexpectedly aggressive forms of malware.

Unlike the infamous Cerber ransomware, Locky isn’t available as ransomware-as-a-service[5]. Its developers keep the source code to themselves and collect all ransoms themselves. It seems that these criminals do not find an affiliate system efficient, or simply fear that affiliates won’t be as successful as the original cybercrime gang members.

Create your own Locky antidote

There are ways to prevent a Locky ransomware attack, and only you can ensure that this virus won’t turn your files into useless pieces of data. First of all, knowledge about this virus, its distribution methods, and other related information can help you understand how traditional ransomware works, so we strongly recommend reading the full article about this virus on our website.

Considering that it is one of the most sophisticated ransom-demanding viruses in the world, you will likely learn how to protect your computer from any other ransomware form as well, although we suggest regularly updating your knowledge about these viruses.

To create an antidote for Locky (Lukitus or another variant), follow these general anti-ransomware rules:

  • Enable automatic software updates to always have the latest software versions. Never delay Windows OS updates – we understand that they are lengthy and might interrupt your activities for a while; however, it goes without saying that losing your files for good is a much worse scenario, right?
  • Create a data backup. It is probably the most important rule to follow. No matter what happens, a data backup will save you. Get a data storage device (USB, portable hard drive or something similar), connect it to your computer, move copies of your valuable files to it, eject the portable device and unplug it from your computer. Put the backup in a safe place and do not forget to update it with the fresh and relevant files you create. A data backup will save you from complete data loss even if ransomware somehow manages to infect your PC.
  • Install security software with real-time protection to guard your computer against malicious attempts to damage your computer or your files.
  • Never click on suspicious email attachments or links!
About the author
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at 2-Spyware.com. She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.
