A new variant of the prolific Locky ransomware, dubbed IKARUSdilapidated, was found conducting a fresh, massive spam campaign earlier in August. Locky's new variant used "zombie computers" to send out over 62,000 spam emails in just three days in the first stage of the attack. The cybercriminals operating Locky's new variant demanded that victims pay between 0.5 bitcoin ($2,311, £1,791) and 1 bitcoin ($4,623, £3,583) to regain access to their encrypted files.
Although the campaign targets "tens of thousands" of victims across the globe, the top five countries targeted are Vietnam, India, Mexico, Turkey, and Indonesia. According to security researchers at Comodo, who detected the new spam campaign, this is a "large-scale, email-based ransomware attack in which a new Trojan malware variant appears as an unknown file and can slip into unsuspecting and unprepared organizations' infrastructures".
The IKARUSdilapidated strain uses social engineering techniques to trick people into clicking on malicious emails. Researchers say that the attack began on 9 August and used 11,625 different IP addresses in 133 different countries, likely made up of "zombie computers" (in other words, infected or compromised systems), to conduct the attacks.
"This is a more mature campaign, targeting office workers whose workstations are part of a corporate network linked to multifunction scanners and printers," Fatih Orhan, director of technology at Comodo, told Threatpost. "As many employees today scan original documents at the company printer and email them to themselves and others, this malware-laden email will look very innocent."
Orhan also said that the attack could not be identified by the firm's in-house AI (artificial intelligence) and that Comodo had to eventually use the "full resources of the lab" to analyse the attack.
The researchers detected three stages of attack from this Locky variant, adding that while the first two stages were large, the third wave of attack was comparatively smaller. Over the past couple of years, Locky has reportedly extorted over $7.8m in ransom payments from victims.
According to Orhan, the latest spam campaign shows "that the malware authors are evolving and changing methods to reach more users and bypass security methods."