Locky ransomware sent to 23 million users in a new campaign

A couple of weeks ago we told you about the return of the Locky ransomware. Despite the fact that many considered it dead, the ransomware returns and does so with more force than ever. Now, a large-scale email campaign has been launched.

Locky ransomware sent to 23 million users in a new campaign

Due to this campaign, the ransomware has been sent to some 23 million users worldwide. Two security companies have discovered two massive campaigns. They each spread a variant, but the two have Locky ransomware in common.

Locky ransomware

AppRiver discovered a campaign that sent more than 23 million messages with the Locky ransomware in its content in just 24 hours. This was on August 28, and according to company data, all of these messages were sent in the United States. So it is one of the largest ransomware campaigns seen since WannaCry. While another campaign has been sent in countries like Vietnam, Turkey or Mexico.

In this case, the emails that were sent were quite imprecise, with messages saying that the document in question had to be printed. They all contained an attached ZIP file, which contained a VBS file inside. If the user downloads this file, it is the moment when Locky manages to sneak onto the device and is kidnapped.

Generally, between 0.5 and 1 Bitcoin is being asked as a ransom to decrypt the files. The campaign may continue to expand globally. Therefore, users are recommended to take the usual precautions. Do not open any messages from unknown addresses, much less open attachments. Locky is back.