One of India’s offices in the Ministry of Electronics and Information Technology, the Indian Computer Emergency Response Team (CERT-In), has warned of a massive spam campaign intended to spread Lukitus, a new Lockyransomware variant. Having already infected 23 million emails in just the span of 24 hours, the campaign is now considered the largest ransomware attack in the second half of 2017. Trend Micro detected samples of Lukitus as Ransom_LOCKY.DLDTATN, Ransom_LOCKY.TH817, Ransom_LOCKY.DLDTATT, and Ransom_LOCKY.AJA.
Figure 1. Lukitus infection diagram
Figure 2. Lukitus ransom notes
Figure 3. Files encrypted by Lukitus
Spam was the top infection vector among the ransomware threats we detected and blocked in 2016, accounting for 79 percent of the total. It is highly recommended for users and enterprises to have an email security solution that checks for email reputation, web reputation of the embedded links, file attachments, as well as macros in Microsoft Office documents.
In addition, users and enterprises can adopt these best practices to lower or eliminate the risk of ransomware infection.
For small businesses, Trend Micro Worry-Free Services Advanced offers cloud-based email gateway security through Hosted Email Security. Its endpoint protection also delivers several capabilities such as behavior monitoring and real-time web reputation in order detect and block ransomware.
For home users, Trend Micro Security 10 provides strong protection against ransomware by blocking malicious websites, emails, and files associated with this threat.
Find more in-depth information on Trend Micro detections and solutions for Trend Micro Deep Security, Vulnerability Protection, TippingPoint, and Deep Discovery Inspector in thistechnical support page.
Like it? Add this infographic to your site: 1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).