Massive Ransomware Attack Underway

Barracuda researchers have confirmed that a massive ransomware attack is underway. More than 20 million spam emails with infected attachments carrying a Locky variant have been sent so far, and there are no signs that it is slowing down.

Researchers have identified Vietnam, India, Colombia, Turkey and Greece as the sources of the attack.

So far, the email subject lines being used are:

  • HERBALIFE Order Number: [with bogus number]
  • Message from KM_C224e
  • Emailing_10008009158

These criminals are extremely smart and tech-savvy, so it stands to reason that they’ll change the subject lines as the attack matures. Beware of all unsolicited or unexpected emails.
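For mail administrators, the subject lines listed above can be turned into a quick triage check that holds a message for review when a listed subject arrives together with an attachment. This is an added example, not code from Barracuda or from the original article. The function names, the wildcards for the numbers, and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Subject lines reported on this page. The wildcards are an assumption:
# the page shows one literal "Emailing_" number and "[with bogus number]".
SUBJECT_PATTERNS = [
    re.compile(r"^HERBALIFE Order Number:\s*\S+", re.I),
    re.compile(r"^Message from KM_C224e\b", re.I),
    re.compile(r"^Emailing_\d+", re.I),
]

def triage(raw_message):
    """Return (hold_for_review, decoded_subject, attachment_names)."""
    msg = message_from_string(raw_message, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words in the Subject header,
    # so an encoded subject is matched in its readable form.
    subject = str(msg["Subject"] or "").strip()
    names = [p.get_filename() or "(unnamed)" for p in msg.walk()
             if p.get_content_disposition() == "attachment" or p.get_filename()]
    hit = any(p.search(subject) for p in SUBJECT_PATTERNS)
    # Hold only when a listed subject arrives together with an attachment.
    return hit and bool(names), subject, names

def build(subject, attachment=None):
    """Constructed sample message; hypothetical addresses and file names."""
    head = f"From: sender@example.invalid\nSubject: {subject}\nMIME-Version: 1.0\n"
    if attachment is None:
        return head + "Content-Type: text/plain\n\nhello\n"
    return (head + 'Content-Type: multipart/mixed; boundary="b1"\n\n'
            "--b1\nContent-Type: text/plain\n\nsee attached\n"
            "--b1\nContent-Type: application/octet-stream\n"
            f'Content-Disposition: attachment; filename="{attachment}"\n\n'
            "constructed-bytes\n--b1--\n")

SAMPLES = [
    build("HERBALIFE Order Number: 4471203", "order.bin"),
    build("=?utf-8?q?Message_from_KM=5FC224e?=", "scan.bin"),  # RFC 2047 form
    build("Emailing_10008009158"),               # listed subject, no attachment
    build("Quarterly report", "report.bin"),     # attachment, unlisted subject
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(triage(raw))
```

Because the subject lines are expected to change, a check like this is a short-lived triage aid alongside the protective steps in this article, not a replacement for them.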

Barracuda researchers note that the attacks appear to be automatically generated and that parts of the file are randomized in order to evade anti-virus detection.

It is important to note that the attackers are giving the same identifier to all victims paying the ransom. Because of this, victims cannot receive the decryptor to release the files. So, once you pay, you’ve lost not only your money but also your files.

To protect yourself and your business:

  • Make sure everyone in your organization is aware.
  • Keep your anti-virus and anti-malware programs updated and active.
  • NEVER open files or click links in emails that you were not expecting. Even if you know the sender, verify that the attachments and/or links are legitimate BEFORE clicking.
  • It is absolutely critical that you ensure that your backup systems are functioning and that your backup files are viable. The attackers have demonstrated that they are not concerned with sending proper decryptor files. If you get infected, your files are likely lost if you have no backup.

This appears to be a worldwide attack. If it is not in the U.S. now, it will be soon. So, heads-up!


XSolutions is an Elite Partner of Datto, the world leader in Hybrid-Cloud Business Continuity solutions whose systems protect 250+ Petabytes of data with over 800 employees around the globe. Call (845) 362-9675 and let’s discuss your specific needs.