New Ransomware Attack Sweeping the Globe

WannaCry has been the talk in many news outlets at the beginning of the year. This harmful malware program is known to target computers running on Microsoft Windows operating system by encrypting files and data, such as protected health information and business documents.

There is a new ransomware variant in town. This new variant will be costly to those who are infected with it. This specific type allows hackers to infect the organization or business twice. Once payment has been made, the hackers can launch the second attack to encrypt system files and data again requiring the organization or business to make a second ransom payment. Healthcare IT News stated that “hackers are combining these variants to maximize ransoms”. An important factor to note is that these emails are being delivered during business hours. Most of the senders of this new strand are from India, Vietnam and Iran. There is a total of 185 countries involved in distributing these two variants with most of the victims coming from Japan, United States and China.

What is Locky?

Locky is a ransomware what is being delivered by email with common subject lines like “please print”, “documents”, and “photo”. Once the attachment is opened, it will scamble all the files in any directory, including any removable hard drives and USBs plugged to the computer or shared network. If the computer is connected to the network, such as a server, this malware can cause a major problem to a practice’s network and data.

There has also been report of Locky being linked to fake dropbox sites. An email will be delivered requesting user to verify the email address to continue with set-up. Once you click on the link to verify your email, it will take you to a page and depending on what web browser you are using, it will either ask you to “Click here to download a new verification message” or “update” your font bcause “Hoefler Text” was not found to view the page.

What is FakeGlobe?

FakeGlobe is like many other ransomware strands, where it is being delivered by email to deliver the malware. FakeGlobe poses as legitimate invoices or automated repsonses in an email with possible subject lines of “Receipt #83396”, “Payment Receipt #97481” or “Receipt-351”. small and medium size businesses

Can you spot the difference between the two rows of file types? It is easy to change the image of the file type attached to your emails to look like common file types, such as PDF, Excel, Word document, etc. Do not depend on the icon image of the file to determine if the file is safe for you to open or not in your email attachment. As you can see, the PDF file displayed in the image below isn’t a PDF file but an executable program. Once you click on it, the file will run on your computer system to infect your computer with the malware attached. Here are some file extensions that viruses can disguise themselves as to harm your system: .exe, .pif, .com, .application, .js, .jse, .docm, and .xlsm.

Images from: https://myonlinesecurity.co.uk

How to identify it and what to do?

The new strand is being delivered by emails with either “Herbalife” or “copier” file delivery in the subject line. According to Axios, those who were infected with the malware and made ransom payments haven’t received the key to unlock their files and data.

Here are some suggestions to help detect possible threats:

1. Check the file extension to make sure that what was being sent is truly the right file type and not a hidden, harmful program waiting to destroy your computer system.
2. Before clicking on a hyperlink or a button in your Outlook email, hover your mouse over it and a link will appear showing you the web page it will take you to on your web browser.
3. For Gmail user, hover your mouse over the hyperlink or button and the web page information will be displayed at the bottom of the screen.
4. Keep your anti-virus software up to date so that you are protected from the latest strands of malware.