As industry research continues to pour in on Locky — the newly emerging ransomware responsible for locking out Hollywood Presbyterian Medical Center, it is becoming clear that the malicious code is propagating rapidly in the U.S. and across the globe.
Locky’s accelerated distribution was noted in recent advisories from leading security firms Heimdal Security and Palo Alto Networks. The latter, in a Feb. 16 blog post, said it “observed approximately 446,000 sessions for this threat, over half of which targeted the United States (54 percent).”
But Locky’s global reach is expanding as well, as evidenced by today’s Heimdal blog post, which analyzes an email spam campaign designed to trick German-language targets into downloading the ransomware. In this instance, the spoofed emails appear to come from MPSMobile, a mobile device accessory wholesaler. MPSMobile’s homepage today features a prominent security advisory warning customers not to fall for the email-based scam.
The spam emails spread Locky via malicious Word attachments as well as via macros that, upon activation, connects a victim’s PC to a malicious web page. Researchers have also noted a distinct link between Locky and the known banking malware Dridex, believing them to be the handiwork of the same bad actors.