Security experts are warning that a sudden surge in ransomware, disguised as junk mail, is hitting unwitting internet users and that, if opened, it will lock down computer systems and charge hundreds of pounds for the release of personal files.
The spike in attacks has been blamed on the rapid ascent of a new malware strain dubbed 'Locky' that appeared on the scene only two weeks ago but has already gained notoriety for its effectiveness. Like many other ransom-based malware strains, Locky currently charges infected users bitcoin in exchange for access to encrypted files.
Over the past 30 days, Trustwave experts said they recorded concentrated bursts of ransomware activity and at one point a peak of 200,000 emails hit their servers in a single hour.
Playing in the big league
Yet Trustwave is not the only major security firm to notice this surge in ransomware activity, with experts at Fortinet also publishing evidence that Locky has quickly taken a place beside other established ransomware strains like CryptoWall and TeslaCrypt.
"Locky already covers a big chunk of the infections in the two weeks of its existence. It also surpassed TeslaCrypt infections which shows significantly lower hits," reported security researcher Roland Dela Paz.
In an analysis of a massive 18.6 million hits from CryptoWall, TeslaCrypt and Locky communications combined, Locky alone accounted for a significant 16.47% of the total amount – not bad for the new malware on the block.
Steve Ward, senior director at security firm iSIGHT Partners, told IBTimes UK: "Locky is likely operated by the same actors managing Dridex botnets and, barring law enforcement intervention, will highly likely remain a significant threat for the long-term."
Ransomware attacks have been hitting a number of high-profile targets since the beginning of the year, with the most recent target being a US-based hospital, which was forced to pay cybercriminals $17,000 in order to remove the malware and unlock crucial computer systems.
"Ransomware is a particularly nasty form of malware because once you are hit with its encryption, your files are toast," Rahul Kashyap, principal systems engineer with security firm Bromium, recently told IBTimes UK.
"Anti-virus can't do anything to bring those encrypted files back to you. Many times, when you are hit with ransomware it is impossible to get your files back because the payment processing may fail or the encryption keys may not work. The ransomware trend will only continue if those infected continue to pay the ransom. We cannot encourage this behaviour, so we suggest these ransoms are not paid."