Massive New Crypto “Locky” Ransomware Attack Is Coming
Jan Sirmer at the Avast blog wrote: “Based on analysis of past Crypto Locky ransomware attacks, experts in the Avast Threat Labs predict that another attack is imminent.”
Locky has taken a holiday of sorts. Avast detection of Locky shows that attacks have slowed down considerably during the days before Christmas through New Year and leading up to Eastern Orthodox Christmas, which is celebrated in Russia on January 7.
The Avast Threat Lab analyzes the lifecycle of Locky, and they can see small peaks, new spread methods, new binaries etc., usually occurring before a new campaign starts. The graph above shows data for the last one hundred days based on the number of Avast users who saw the Locky downloader. Notice that a slow-down occurs for several days before a new round of attacks; but this time it’s been more than 15 days, which doesn’t fit the pattern. The drop between attacks is not typically as significant as it has been during the 2016-17 winter holiday period.
When we consider why the incidents of Locky dropped during the last 15 days we have to wonder:
- Are ransomware attacks down over the holidays because business users, those victimized the most, are not at work?
- Did the attackers decide to reduce the number of overall attacks?
- Are they preparing a new campaign?
- Could they just be celebrating Christmas?
- Like the Grinch, did their small hearts grow three sizes and they abandoned the ransomware business?
Well, don’t count on them going out of business. They have celebrated an incredibly profitable 2016 and we are expecting a new Locky ransomware campaign, starting the week of January 9th forward.
If you’ve been unfortunate enough to have had your business hit with previous Ransomware attacks such as Crypto-Locker or Crypto-Wall you know how severe this can be.
Let the experts at EvoIT help secure your network from attacks like these, we’ve developed special tools and policies to put a barrier to these infections on your frontlines “aka” your end users (Sally we’re talking about you!)