Locky Ransomware Being Spread via JavaScript Spam Campaign

ESET researchers are warning users to exercise caution when opening emails as another wave of malware infested spam hits Europe.

The spam emails contain a malicious file attachment that’s “designed to download and install different variants of malware to victims’ machines,” according to security evangelist Ondrej Kubovic.. ESET detects the attached file threat as JS/Danger.ScriptAttachment.

As for the malware that’s downloaded – that concoction is said to mostly consist of crypto-ransomware variants such as Locky. For the uninitiated, Locky is a Trojan that encrypts files on fixed, removable and network drives. Like most ransomware these days, victims must pony up some cold hard cash to get their data back. ESET detects Locky as Win32/Filecoder.Locky and Microsoft as Ransom:Win32/Locky.A. Users protected by Kaspersky will see the name Trojan.Win32.Reconyc.ffmh if they get hit by the malware.

Most of the users targeted by this spam campaign seem to be located in Europe, but it’s only a matter of time before the spammers take aim at the rest of the world.

Ransomware has been a prevalent threat these last couple of years and it’s unlikely that will change anytime soon. ESET strongly recommends users do what they can to keep their computers safe from infection.

Steps to keep your computer safe from Locky ransomware infections

  • Use a comprehensive spam filter to eliminate any malicious emails BEFORE they reach your inbox.
  • Avoid downloading or opening files attached to unsolicited emails and always scan file attachments sent from known sources.
  • Always keep your operating system and third-party software fully patched and up-to-date.
  • Run a reputable antivirus and/or antimalware solution that offers real-time scanning
  • Backup your computer data.
  • Consider installing Bitdefender’s anti-ransomware tool to prevent CTB-Locker, Locky AND TeslaCrypt infections.

Need help securing your computer? We can help you select and configure a reliable spam filter, security software suite, data backup solution and more. Give us at call at 858-268-4774.

Like this post? Follow us online by liking us on Facebook, following us on Twitter (@thechipmerchant), or circling us on Google+.