Cybersecurity firm warns of 20 million active ransomware attempts in last 24 hours
Over the course of 24 hours beginning August 30, there have been 20 million attempts at a ransomware attack through an email attachment, cybersecurity specialist Barracuda said.
The warning comes two days after the hackers behind Locky ransomware launched a massive campaign on August 28, with more than 23 million infected emails sent in a 24-hour period, researchers at AppRiver found.
Barracuda said the newest attack arrives from a spoofed email address, with the attachment name and number in the subject line.
One example of the email attachment’s naming convention: Payment_201708-6165.7z.
A file encryption/ransomware attack follows three steps. The first is delivery, where an attachment arrives in an inbox.
“It’s best to stop this attack before it arrives at your network, which is possible with an email security service,” Barracuda said.
The second step is infection. In the case of this latest ransomware attack, as seen by the spoofed source address, impersonation is key to gaining the trust of an email recipient.
“If the impersonation is successful, the recipient is likely to open the payment file attachment,” Barracuda added. “At this point, the embedded threat may be executed, which will begin the process of encryption.”
And the third step is ransom. Once an attack hits a predetermined threshold, the attacker will present a document that indicates the payment required for the decryption file.
“At this point, the victim might pay the ransom, recover from backup, or search for a decryption key online from a resource like NoMoreRansom,” Barracuda said. “We advise against making payment to ransomware criminals because this doesn’t guarantee the decryption of your files and it encourages them to target you again in the future.”
Barracuda said the JavaScript file is from the ransomware strain known as Locky. While Locky at one point was thought to be nearly extinct, the virus has continued to pummel all sectors in 2017. It’s one of the most successful ransomware strains launched, as it continues to evolve to evade attempts to crack its code.