Malicious Spam Email Campaign Pushes Locky Ransomware in Rotation
The developers of Locky Ransomware are probably running out of names for newer versions of this ransomware project, which currently includes a few other crypto-ransomware variants, among them the .dian File Extension Ransomware. The newer version of Locky, released in mid-2017, is named DCry ransomware. Recently, security experts spotted a new wave of junk emails that carry the malware. It seems that the cyber extortionists have decided to come back and earn illegal money by compromising users' machines, encoding their important files and then demanding a ransom.
The new spam email campaign tries to convince computer users that they have received a payment, using subject lines such as ‘Payment Receipt_597’, ‘Receipt_348’, ‘Payment#114’ etc. The number might vary according to the sender’s name and email address. The criminals pretend to be from reputable companies and organizations. Before opening junk emails, and especially the documents attached to them, you should learn to recognize malicious emails. Emails from unknown senders that carry a PDF attachment named with a random string of numbers and letters should be avoided.
Such an obfuscated document attached to a malicious email includes Locky Ransomware or another file-encoder virus such as ‘.dian File Extension Ransomware’. The attachment has a .pdf extension, and right after it is clicked it immediately opens a Word file. Such activity should look completely suspicious, and users are supposed to close the document immediately. A notification telling users that macro commands must be enabled is another point at which they might stop. The alert pop-up states that the attached file is protected and that you need to click the ‘Enable Button’ button to see it properly.
Most importantly, instead of opening the attached file, the user ends up downloading the Locky Ransomware binary. Criminals have used the same deceptive trick before. Once activated, the malware is saved as ‘%Temp%\redchip2.exe’ and executed automatically to encode the files stored on the victim’s machine. Locky Ransomware uses strong RSA-2048 and AES-128 encryption algorithms to make the system’s files unusable and inaccessible. Unfortunately, one of the nastiest ransomware families of 2016 is still undecryptable. Hence, it is better to take all possible measures and be cautious with received mail if you don’t want to get infected with ransomware or pay ransom money to the hackers.
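The traits described above (receipt-style subject, a PDF attachment that opens another document) can be checked on a mail gateway before a user sees the message. The following is an added example, not code from the original article; the marker list, the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject shapes quoted in the article: 'Payment Receipt_597', 'Receipt_348', 'Payment#114'.
SUBJECT_RE = re.compile(r"^(?:Payment\s+)?Receipt_\d+$|^Payment#\d+$", re.IGNORECASE)
# Assumption: raw PDF name tokens that indicate an embedded file or an auto-run action.
PDF_MARKERS = (b"/EmbeddedFile", b"/OpenAction", b"/JavaScript", b"/Launch")

def triage(raw):
    """Return the reasons a raw RFC 5322 message resembles the campaign."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if SUBJECT_RE.match(str(msg["Subject"] or "").strip()):
        reasons.append("subject matches receipt/payment pattern")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".pdf"):
            continue
        data = part.get_payload(decode=True) or b""
        found = [m.decode() for m in PDF_MARKERS if m in data]
        if found:
            reasons.append(f"{name}: PDF contains {', '.join(found)}")
    return reasons

def build_sample(subject, pdf_body):
    """Build a constructed test message (all addresses and names are made up)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "billing@example.com", "user@example.com", subject
    m.set_content("Please see the attached receipt.")
    m.add_attachment(pdf_body, maintype="application", subtype="pdf",
                     filename="P72843.pdf")
    return m.as_bytes()

# Constructed PDF skeletons, not real samples.
SUSPICIOUS_PDF = b"%PDF-1.5\n1 0 obj<</Type/EmbeddedFile>>endobj\n2 0 obj<</OpenAction 3 0 R>>endobj\n%%EOF"
BENIGN_PDF = b"%PDF-1.5\n1 0 obj<</Type/Catalog>>endobj\n%%EOF"

if __name__ == "__main__":
    for subj, body in [("Payment Receipt_597", SUSPICIOUS_PDF), ("Lunch on Friday", BENIGN_PDF)]:
        print(subj, "->", triage(build_sample(subj, body)))
```

A raw byte search misses markers that are hex-escaped or stored inside compressed object streams, so an empty result is not a clean verdict; treat a hit as a reason to quarantine the message for closer inspection.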