Locky and FakeGlobe Ransomware in dual spam campaigns

Cyber criminals have started a spam campaign that delivers either Locky or FakeGlobe ransomware, so an individual can be victimized twice by the same attack.

The trick lies in how the malicious actors deliver the initial spam email: with a single mistake, the victim could be hit with both varieties of ransomware.

"The campaign is designed in such a way that a victim clicking on a malicious link from the spam email might deliver Locky one hour, and then FakeGlobe the next. This increases the likelihood of secondary infections due to the rotation," said Ed Cabrera, Trend Micro's chief cybersecurity officer.

The attacks started around September 4 and hit almost 70 countries. The worst hit were Japan, the US and China, which together accounted for almost half of the spam emails.

“The cybercriminals behind the campaign designed it so that clicking on a link from the spam email might deliver Locky one hour, and then FakeGlobe the next. This makes re-infection a distinct possibility, as victims infected with one Ransomware are still vulnerable to the next one in the rotation,” the researchers wrote.

The spam email came with an embedded link and an attached document masquerading as a payment invoice. The link and the document led to two different download URLs.

This could mean that Ransomware-as-a-Service (RaaS) offerings are also growing in number and are delivering multiple ransomware families in a single shot to increase the impact of the attacks.

FAQ
Q: What's the difference between malware and ransomware?
A: Malware is software written specifically to harm and infect the host system. Malware includes viruses along with other types of software such as trojan horses, worms, spyware, and adware. Advanced malware such as ransomware is used to commit financial fraud and extort money from computer users.

Q: How does ransomware spread?
A: Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications.

Q: Is ransomware a malware?
A: While some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse, the more advanced malware uses a technique called cryptoviral extortion, in which it encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them.

Q: Can ransomware be removed?
A: The removal tool will complete the scanning process and remove the infection automatically. Once it finishes, the ransomware infection should be completely removed. Restart your computer normally and let it boot up in Normal Mode. You should be able to access your user account and access the desktop properly.

Q: Is ransomware a virus?
A: Ransomware is malicious software which encrypts files on your computer or completely locks you out. Viruses infect your files or software and have the ability to replicate, but ransomware scrambles your files to render them unusable, then demands you pay up.