In one of the largest malware campaigns in this half of the year, a formerly outdated strain of ransomware has just been used to target as many as 23 million email accounts, researchers claim.
All of the emails were sent over a 24-hour period, with the attacks spiking on Monday morning as US employees started work and European employees were mid-way through their day.
In an effort to increase the chances of someone opening the infected emails, they used subject lines like “Please print”, “documents” and “scans”.
The infected file was hidden in a zip folder. When this file is opened, it downloads the latest version of the ransomware, which encrypts all of the files on the computer.
The criminals who carried out this attack demanded that victims would have to pay in bitcoin in order to be able to decrypt the files on the computer. This is one of the most common methods cyber criminals use to extort money from their victims. Locky rose to prominence in 2016 as one of the highest-profile types of ransomware. Locky’s sudden resurgence shows how much of a threat it remains, especially as there still isn’t a decryption tool available and the criminals behind the software are continually working to make it stronger.
Protect yourself from attacks
In response to the growing concern over ransomware and malware, IT Governance now provides a scalable solution for staff awareness training. Our Phishing and Ransomware – Human patch e-learning course explains the threats that ransomware presents to organisations, and gives details of the resources available to help you understand and combat those threats. This ten-minute course provides an introduction to phishing and ransomware. We also offer a more detailed Phishing Staff Awareness Course.
We also offer a three-day Cyber Health Check for large organisations. This includes on-site consultancy and audit, remote vulnerability assessments and an online staff survey in order to assess your cyber risk exposure and identify a practical route to minimise your risks. Receive a prioritised action plan for controlling your cyber risks in line with your risk appetite.
Visit our ransomware page to view all the services we offer to help your organisation combat threats.