OPM breach aftermath: Locky exploits data stolen from the victims
Locky has been identified as one of the most active cyber infections of the first half of this year, and with its expanding distribution methods it is not expected to give up that leading position any time soon. In fact, it is currently estimated that around 97% of all malicious email attachments carry Locky itself or a modified version of it. Among these versions are Thor, the Shit virus, Perl ransomware and possibly a few other Locky remakes that researchers have not yet come across.
When it comes to Locky's distribution and infiltration methods, there is something new to learn almost every day. Earlier in November, for instance, virus analysts disclosed that the major malvertising campaign ShadowGate now spreads two versions of Locky via the Bizarro Sundown exploit kit, a new and dangerous addition to the Angler and RIG kits that Locky's operators had initially been using to distribute the virus. But perhaps the discovery most useful to ordinary users was made by the PhishMe team.
PhishMe researchers have discovered a new tactic the attackers use to trick users into downloading email attachments that carry the Locky payload. The researchers call it the OPM Bank Fraud scam, or simply the OPM scam. OPM stands for the US Office of Personnel Management, and it is under that institution's name that the attackers send their potential victims a fraudulent notification warning of a supposed financial offense. The message the users receive reads:
Carole from the bank notified us about the suspicious movements on out account. Examine the attached scanned record. If you need more information, feel free to contact me.
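The lure above combines three signals a mail-triage script can check mechanically: a display name that claims to be a government agency while the sender domain is not that agency's, financial-fraud wording in the subject or body, and an attachment of a type commonly used to carry a ransomware downloader. The script below is an added example written for this page, not code from PhishMe or from the original article. The sample message, its sender address (opm-services.example.com), the subject line, the attachment name and the list of risky extensions are all constructed assumptions; the only text taken from the page is the lure body itself.

```python
import os
import re
import email
from email import policy

# Sender domains that the named agency legitimately uses. Assumption for
# this example: only opm.gov counts as the real Office of Personnel Management.
IMPERSONATED_BRANDS = {
    "office of personnel management": {"opm.gov"},
}

# Attachment types commonly used as ransomware downloader carriers. This list
# is the example's own assumption, not taken from the page.
RISKY_EXTENSIONS = {".zip", ".rar", ".7z", ".js", ".jse", ".wsf", ".vbs",
                    ".hta", ".docm", ".xlsm"}

FRAUD_LURE = re.compile(r"\b(fraud|suspicious (activity|movements?)|unauthori[sz]ed)\b")

# Constructed sample modelled on the OPM lure; addresses and filenames are invented.
SAMPLE_EML = b"""\
From: "US Office of Personnel Management" <notice@opm-services.example.com>
To: victim@example.org
Subject: Bank fraud notification
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Carole from the bank notified us about the suspicious movements on out account.
Examine the attached scanned record. If you need more information, feel free to contact me.

--b1
Content-Type: application/zip; name="scanned_record.zip"
Content-Disposition: attachment; filename="scanned_record.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

# Constructed benign control: real agency domain, no lure wording, no attachment.
BENIGN_EML = b"""\
From: "Office of Personnel Management" <noreply@opm.gov>
To: employee@example.org
Subject: Your annual benefits statement
Content-Type: text/plain; charset="utf-8"

Your statement is available on the portal.
"""


def _domain_matches(domain, allowed):
    """True if domain is one of the allowed domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in allowed)


def triage(raw):
    """Return the sender domain and the list of phishing indicators found."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []

    # 1. Display-name impersonation: agency name shown, non-agency domain used.
    display, domain = "", ""
    if msg["From"] is not None and msg["From"].addresses:
        sender = msg["From"].addresses[0]
        display, domain = sender.display_name, sender.domain.lower()
    for brand, allowed in IMPERSONATED_BRANDS.items():
        if brand in display.lower() and not _domain_matches(domain, allowed):
            findings.append("display name '%s' but sender domain '%s'" % (display, domain))
            break

    # 2. Financial-fraud urgency wording in subject or plain-text body.
    body = msg.get_body(preferencelist=("plain",))
    text = (msg.get("Subject", "") + " " + (body.get_content() if body else "")).lower()
    if FRAUD_LURE.search(text):
        findings.append("financial-fraud lure wording")

    # 3. Attachment of a type commonly used to carry a downloader.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        ext = os.path.splitext(name)[1]
        if ext in RISKY_EXTENSIONS:
            findings.append("risky attachment %s" % name)

    return {"sender_domain": domain, "findings": findings, "score": len(findings)}


if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_EML), ("benign", BENIGN_EML)):
        print(label, triage(raw))
```

A score of three on the sample versus zero on the control is the point: none of the three checks is decisive alone (plenty of legitimate mail has ZIP attachments), but an agency display name over an unrelated domain combined with fraud wording and an archive attachment is exactly the pattern this lure relies on, and it can be scored at the gateway before the user ever sees "examine the attached scanned record".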