
Locky bolts back big time in September

Published on: 16 Oct 2017

September saw the Locky ransomware return on a massive scale, according to Check Point Software’s monthly malware report.

Despite not appearing in Check Point’s top ten most wanted malware list since November 2016, Locky shot up 25 places to rank second after being responsible for 11.5 per cent of ransomware infections at global organisations. Malvertising package RoughTed was the number one most wanted malware for September.

Locky is spread primarily via spam emails carrying a downloader disguised as a Word or Zip attachment that contains malicious macros.

When users activate these macros, usually via a social engineering instruction, the attachment downloads and installs the malware, which encrypts the user's files before demanding a bitcoin payment.

One in ten organisations around the world were affected by some form of ransomware in September.

Maya Horowitz, group manager of threat intelligence at Check Point, said Locky’s resurgence proved that businesses should never become complacent regarding online security.

“If any organisations were still in doubt about the seriousness of the ransomware threat, these statistics should make them think twice,” she commented.

“We’ve got ransomware taking up two of the top three spots – one a relatively new variant that just emerged this year, and the other an older family that has just had a massive reboot. All it takes is for a single employee to be taken in by a social engineering trick, and organizations can be placed in a hugely compromising position”.