New Locky mailspam campaign detected, promotes Lukitus version

Locky returns with Lukitus and Diablo versions

Locky ransomware was first spotted more than a year ago and has since been considered one of the most dangerous ransomware families. After going quiet for a while, Locky started another round last month with two new variants.

When security researchers detected the Diablo6 variant, it looked like the malware everyone should be worried about. Several days later, however, the Lukitus variant emerged. Both versions are pushed by separate email spam campaigns in an attempt to reach more victims.

How do Lukitus and Diablo6 spread?

The primary tool used to spread Locky has been the Necurs botnet, one of the largest botnets still used for cyber attacks. The latest Locky version, Lukitus, does not rely on Necurs alone; it is also pushed out by other botnets.

The Diablo6 variant has likewise been distributed by a previously unknown botnet of about 11,000 infected devices that pushes spam to unsuspecting PC users. This botnet appears to have been built only a few months ago and keeps growing.

Fortunately, although the new Locky variants are more advanced, their campaigns have so far been less successful than earlier ones.

The victim lure

Although the new variants use the same attack vector, email spam, their lures differ from the earlier ones. The Diablo6 campaign uses a mix of attachments, including Doc, Docx, and PDF files, to persuade victims to download and open documents that contain malicious macros.

Lukitus, on the other hand, arrives in Zip and Rar archives. The archives contain JavaScript files; when a victim launches one, the script acts as a downloader, fetching the Lukitus payload and starting the encryption process. On Windows, a double-clicked .js file runs under Windows Script Host rather than opening in a browser, which is what makes the extension so useful to spam lures. Once encryption finishes, a ransom note appears; at the moment it closely resembles the one used by earlier Locky versions.
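As an added example (not code from the original article or from any product named in it), the Python sketch below shows how a mail-gateway attachment filter could catch both lure types described above: it blocks archives that contain script files and flags Office documents that carry a VBA macro project. The sample attachments are constructed in memory; the extension lists, verdict names and the byte-pattern check for legacy .doc files are assumptions of this example, not rules from the article.

```python
"""Attachment triage for the two Locky lures described above: archives that
carry script files (Lukitus) and Office documents that carry macros (Diablo6).
Added example with constructed inputs; the extension lists and verdicts are
assumptions of this example, not rules from the article."""
import io
import zipfile

# Extensions Windows hands to Windows Script Host or runs directly (assumed list).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta", ".exe", ".scr"}
# OOXML containers are ZIP files; a macro project is stored in a vbaProject.bin member.
OOXML_EXTENSIONS = {".docx", ".docm", ".dotm", ".xlsx", ".xlsm", ".pptx", ".pptm"}
# OLE2 compound-file signature used by legacy .doc files.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"


def _ext(name):
    """Lower-cased final extension, so 'invoice.pdf.js' is treated as '.js'."""
    return "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""


def build_zip(members):
    """Build a ZIP in memory from {member_name: content}; used for constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def archive_script_members(data):
    """Names of ZIP members whose extension is a script or executable type."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if _ext(n) in SCRIPT_EXTENSIONS]
    except zipfile.BadZipFile:
        return []


def ooxml_has_vba(data):
    """True if an OOXML document contains a VBA project (e.g. word/vbaProject.bin)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def legacy_doc_has_vba(data):
    """Heuristic for legacy .doc: OLE2 signature plus the UTF-16LE storage name
    'VBA' anywhere in the file. Not an OLE parser; false positives are possible."""
    return data.startswith(OLE_MAGIC) and "VBA".encode("utf-16-le") in data


def triage_attachment(filename, data):
    """Return (verdict, reason); verdicts are 'block', 'review' or 'pass'."""
    ext = _ext(filename)
    if ext in SCRIPT_EXTENSIONS:
        return "block", f"script/executable attachment ({ext})"
    if ext == ".zip":
        hits = archive_script_members(data)
        if hits:
            return "block", "archive contains script files: " + ", ".join(hits)
        return "review", "archive without script members; inspect manually"
    if ext == ".rar":
        # zipfile cannot open RAR; a real gateway would unpack it with a RAR library
        # and apply the same member check.
        return "review", "RAR archive: unpack and apply the same member check"
    if ext in OOXML_EXTENSIONS:
        if ooxml_has_vba(data):
            return "review", "Office document carries a VBA macro project"
        return "pass", "Office document without macros"
    if ext == ".doc":
        if legacy_doc_has_vba(data):
            return "review", "legacy Word document appears to contain VBA"
        return "pass", "legacy Word document, no VBA marker found"
    return "pass", "no rule matched"


if __name__ == "__main__":
    # Constructed samples standing in for the two lure types (not real campaign files).
    samples = {
        "scan_20170818.zip": build_zip({"scan_20170818.js": "// downloader stand-in"}),
        "invoice_0042.docm": build_zip({"word/document.xml": "<w/>", "word/vbaProject.bin": b"\x00"}),
        "minutes.docx": build_zip({"word/document.xml": "<w/>"}),
        "old_invoice.doc": OLE_MAGIC + b"\x00" * 24 + "VBA".encode("utf-16-le"),
        "photos.rar": b"Rar!\x1a\x07\x00",
    }
    for name, blob in samples.items():
        verdict, reason = triage_attachment(name, blob)
        print(f"{name:22} {verdict:7} {reason}")
```

The filter keys on the final extension, so a double-extension lure such as invoice.pdf.js is still caught, and it inspects archive members rather than trusting the archive's own name. A macro-bearing document is only flagged for review, not blocked, because legitimate macro documents exist; whether to block outright is a policy decision for the gateway owner.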

Knowing how dangerous spam can be, be careful when opening emails from unknown senders. Always double-check attachments and make sure they are legitimate; treat archives that contain script files, and documents that ask you to enable macros, as hostile. When it comes to the security of your files, you can never be too cautious.

Ugnius Kiguolis