Pages

vendredi 20 mai 2016

Le trojan crypto-rançonneur Locky décrypté par David Balaban


C’est toujours en anglais…

Par ailleurs, les informations sur les récents déboires du gang de cybercriminels continuent à se propager, mais toujours pas en français…


http://www.smartdatacollective.com/david-balaban/412688/locky-ransomware-statistics-geos-targeted-amounts-paid-spread-volumes-and-much-

Locky Ransomware Statistics: Geos Targeted, Amounts Paid, Spread Volumes and Much More…


Posted May 19, 2016


Locky is quite a recent encryption virus that has created waves in the cyberspace by attacking the system of Hollywood Presbyterian Medical Center during February. Plenty of patients at the medical center had to be shifted to other centers because of the attack. This attack has been the worst ransomware nightmare of the year and the hospital had to pay $ 17,000 in Bitcoin for resuming normal operation.

Take a look at the Locky stats and key features to figure out yourself the pace at which this ransomware is creating havoc in the cyberspace.

  • Average ransom sum demanded: 0.5-1 Bitcoin. But amount varies depending on the victim. Public institutions are demanded a huge sum.
  • Infection rate: 90,000 devices per day.
  • Features: domain generation algorithm, Bitcoin/TOR payment, custom encrypted communication via IM.
  • File type encryption: More than 160 file types can be encrypted by Locky.
  • Countries most affected:
    • France
    • Italy
    • Germany
    • Spain
    • USA
  • Malicious servers located: 3 in Germany, 9 in Russia, rest in Ukraine, Netherlands, France, Estonia, Bulgaria, Moldova and Austria.
  • Propagation Medium: Mass spam emails with malicious links, .doc file with a macro in the attachment.
  • Victims willing to pay ransom: 2.9%.
  • Usual files through which Locky virus is spread: Excel/Word files.
  • Number of countries affected:
    • February – 105
    • March – 62

The cyber security experts estimated that Locky possessed 17% “market share” among all ransomware infections. It surpassed in numbers the notorious TeslaCrypt ransomware, which affected mostly the U.S.

Locky attacked more than 400,000 victims in the very first week of its detection. As per recent reports, the ransomware infects 30 devices per minute. Cyber security experts tracked more than 60,000 attacks in the United States and Germany in the duration of 24 hours after the ransomware became quite popular.

Google Trends data shows that the usage of the keyword “Locky” dramatically increased. Currently, this ransomware has infected computers in 114 different countries.

Largest publicly admitted ransom was paid by the Hollywood Hospital, it was $17,000 in Bitcoin. The second largest sum was $1,600 in Bitcoin paid by the Methodist Hospital.

The table below offers an estimate of the money that can be made by Locky ransomware in USD on an average on a per day, monthly and yearly basis considering that 90,000 infections occur per day of which 2.9% victims opt to pay the ransom. The rate considered in the estimation is 1 Bitcoin per attack.

Ransom Price Victims/day Number of payouts/day Bitcoin value Per day earning Per month earning Yearly earning
1 Bitcoin 90,000 2,610 $419 $1,093,590 $32,807,700 $393,692,400


A look into this estimation hints the potential that Locky has in earning profits due to the ransomware attacks. Having the potential of making $1,093,590 on a daily basis is not something that can be ignored. This is quite a huge sum and a matter of huge concern for the cyber security experts.

Undoubtedly, Locky has managed to make a lot of money by the attacks carried out by it. This can be said with the figures mentioned in this article. This can also be said because of the attention that this ransomware has received from the cyber security experts.

Bowing down to ransomware attacks encourages the attackers more and more. There is a strong need to put a stop to the ransomware Locky ransomware attacks. The cyber security experts are working on developing the Locky decryptor tool. Several other ransomware infections have been successfully cracked due to mistakes in their code done by cybercriminals.

Ransomware is proving out to be very dangerous in the cyberspace. Locky ransomware is no exception. The threat that this ransomware can pose should be seriously treated by public institutions as they are quite vulnerable. Only in the US, about 10 Police departments already paid the money to hackers! The same applies to businesses as they cannot afford to lose the vital documents that they need on a daily basis.

The only way to deal with ransomware is not to bow down to the demands of the hackers. If we stop paying this illegal economy can be quickly destroyed. It is also vital not to open any spam emails that seem to be suspicious and do frequent backups of all files. Better cybersecurity tools and awareness can help in dealing with ransomware attacks.

Sources:
https://blog.kaspersky.com/locky-ransomware/11667
https://blog.avast.com/a-closer-look-at-the-locky-ransomware
https://securelist.com/blog/research/74398/locky-the-encryptor-taking-the-world-by-storm
http://nabzsoftware.com/types-of-threats/locky-file
http://blog.talosintel.com/2016/04/ransomware.html

Authored by:

David Balaban


David Balaban is a computer security researcher with over 10 years of experience in malware analysis and antivirus software evaluation. David runs the Privacy-PC.com project which presents expert opinions on the contemporary information security matters, including social engineering, penetration testing, threat intelligence, online privacy and white hat hacking. As part of his work at …

See complete profile

1 commentaire:

  1. Thank you for summarizing this malicious ransomware in one blog. I have bookmarked your blog. However, a few days back I have come across another blog explaining Locky ransomware . Why so many platforms are focusing on it?

    RépondreSupprimer