CYBER-CRIMINALS have upped their game with a highly advanced new ransomware targeting Australians.
Security experts have discovered a virus called “Locky” in an Australia Post email scam, in which users receive an email with a seemingly legitimate attachment.
On top of this, the virus scans users’ basic personal information from their social media profiles, which is used in the copy to convince the recipient they’re an official source.
The scam was discovered by an anti-virus company called MailGuard, which said hackers were using “highly advanced” technology to dupe tens of thousands of victims by scanning their social media profiles.
Skimming through an email like this, you can see how someone might assume it was legitimate:
What happens next is the victims’ personal files become encrypted, and their names turn into a gibberish sequence of 32 numbers and characters followed by the .locky extension. The targeted operating system identifies these items as LOCKY files that cannot be opened no matter what software the user may resort to.
In a nutshell, this means that the .locky file extension virus harnesses asymmetric cryptography to encrypt file contents and also employs symmetric cipher to encode filenames proper.
As a result, the victim can neither open his or her pictures, documents and videos nor even determine which entry stands for which file on the hard drive. At that point, the extortionists recommend a ‘panacea’, which is claimed to be capable of decoding everything in exchange for a fee. It’s called the Locky Decrypter. In order to use this tool, the plagued person needs to visit a Tor gateway specified in the _Locky_recover_instructions.txt file and submit 0.5 BTC to a Bitcoin address indicated on the page. The use of The Onion Router technology and the payment workflow over cryptocurrency are the precautions that the offenders adopt to stay anonymous and get around law enforcement. Unfortunately, most of these exactors manage to stay on the loose and keep coining new breeds of ransomware.
It’s not a good idea to pay the ransom and purchase the Locky Decrypter program. This is what the cybercriminals insist on, but it’s certain not in any affected user’s interest.