Based on analysis of past Locky ransomware attacks, experts in the Avast Threat Labs predict that another attack is imminent.
Locky ransomware, a variant of ransomware that scrambles your files, changes all the names, and then demands payment to unscramble them and release them back to you, has taken a holiday of sorts. Avast detection of Locky shows that attacks have slowed down considerably during the days before Christmas through New Year and leading up to Eastern Orthodox Christmas, which is celebrated in Russia on January 7.
The Avast Threat Lab analyzes the lifecycle of Locky, and we can see small peaks, new spread methods, new binaries, etc., usually occurring before a new campaign starts. This graph shows data for the last one hundred days based on the number of users who saw the Locky downloader. Notice that a slow-down occurs for several days before a new round of attacks, but this time it's been more than 15 days, which doesn't fit the pattern. The drop between attacks is not typically as significant as it has been during the 2016-17 winter holiday period.
When we consider why the incidents of Locky dropped during the last 15 days, we have to wonder:
My personal guess is there will be a new Locky ransomware campaign, starting after January 7.
You can read more about Locky ransomware in our previous blog posts: