Massive Ransomware Attack Unleashes 23 Million Emails In 24 Hours
Sometimes cyberattacks are incredibly sophisticated. They succeed through careful planning and methodical execution. Other times hackers will launch wholesale attacks, setting as many traps as possible and waiting to see how many people walk into them.
The latter is the approach taken by cybercriminals with a recent email barrage that is spreading a nasty new strain of the notorious Locky ransomware. Security experts at AppRiver have been watching the campaign unfold. In just 24 short hours, their systems have seen the attack fire off a jaw-dropping 23 million infected emails.
The sample email posted by AppRiver looks like minimal effort was put into its creation. The only text in it is the words “download it here” and a bogus sender’s name. The subject line of the email is randomly chosen, albeit from a very simplistic list. Most are just one word: documents, photo, images, scans, pictures. The most complex has two: please print.
Those are very obvious red flags, but with 23 million potential targets there are bound to be a few ill-advised clicks. Any unfortunate folks who fall for the phishing attack are in for a nasty shock. To regain access to their files, they’ll have to fork over a sizable payment. At the time of publishing, AppRiver noted that the cost was 0.5 Bitcoin. At today’s exchange rate, that’s just over $2300.
Even if just 900 people — which represents just 0.004% of the one-day blast — are compromised, whoever is behind this attack stands to clear a couple million dollars.
Locky first surfaced in early 2016. It’s very aggressive ransomware, encrypting a wide variety of files. It can also encrypt files both on the infected computer and on other computers on the same network. Like this new variant, the original Locky is generally distributed via phishing emails with an attached Word document.
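The lure traits described above (the short subject list, the “download it here” body, and an attachment) can be turned into a simple mail triage check. The following is an added example, not AppRiver's code; the word-count threshold, the two-trait quarantine cutoff, and the sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines and lure text as reported in the article.
CAMPAIGN_SUBJECTS = {"documents", "photo", "images", "scans", "pictures", "please print"}
LURE_TEXT = "download it here"
MAX_BODY_WORDS = 8  # assumption: lure text plus a short name, nothing else

def normalize_subject(subject):
    """Lower-case, collapse whitespace, strip reply/forward prefixes."""
    s = " ".join((subject or "").lower().split())
    while s.startswith(("re:", "fw:", "fwd:")):
        s = s.split(":", 1)[1].strip()
    return s

def score_message(raw):
    """Return the list of campaign traits matched by one raw message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons = []
    if normalize_subject(msg["Subject"]) in CAMPAIGN_SUBJECTS:
        reasons.append("subject")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    if LURE_TEXT in body.lower() and len(body.split()) <= MAX_BODY_WORDS:
        reasons.append("body")
    if any(True for _ in msg.iter_attachments()):
        reasons.append("attachment")
    return reasons

def build_sample(subject, body, attachment=None):
    """Construct a test message; all values are made up for this example."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_bytes()

if __name__ == "__main__":
    samples = [
        build_sample("Re:  Please   Print", "Download it here\nJane Doe", "file.bin"),
        build_sample("Scans from Tuesday", "Hi all, minutes attached.", "minutes.pdf"),
    ]
    for raw in samples:
        hits = score_message(raw)
        print("QUARANTINE" if len(hits) >= 2 else "pass", hits)
```

Requiring at least two traits keeps ordinary mail with a one-word subject or a lone attachment from being quarantined on its own.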