A new spam campaign has recently been seen distributing the Locky and FakeGlobe ransomware to unsuspecting victims, enabling the possibility that those who get infected might have to pay to decrypt their files not just once, but twice.
Discovered by researchers over at Trend Micro, the cybercriminals behind the initiative designed the two crypto-malware to rotate while distributing so that clicking on a link from a spam email might deliver Locky in the first hour, and FakeGlobe by the next. This makes victims infected with one ransomware still vulnerable to another attack.
The emails were found to have a .7z file attached, which is disguised as a legitimate invoice. This, as usual, will trigger the malicious code onto the host computer when opened. The researchers further found that the payload changes every few hours. As ZDNet explains, this means that one computer on a network can become infected with ransomware, with the user giving in to the demand, while another can unknowingly fall to the other malware after a few hours.
The campaign has affected users in China, Japan, US, and 70 other countries. The messages were sent during work hours when users are more likely to check their email. Lastly, Trend Micro found that the senders of the malicious message were mostly from India, Vietnam, and Iran.
It's not new that cybercrooks tend to bundle two malicious software in one attack. Ransomware can be combined with information-stealing code that can be used to further threaten the victim. However, with the consideration that rotating malware that can encrypt your system twice is now a reality, it pays to be careful of the attachments we download online. This is the usual attack vector of cybercriminals, and proven to be an effective one as well. Employing a good security solution can also help in protecting our computers from malicious software that can compromise our security.