Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    New Locky Ransomware Phishing Attack: Credit Card Suspended And Suspicious Money Movements

    Locky RansomwareGraham Cluley was the first to report on a new Locky ransomware phishing attack where the emails claim to be "credit card suspended" and "suspicious money movement" warnings.

    He said: "In the last few days there have been a spate of spammed-out attacks using similar techniques to dupe unwary internet users into clicking on an attachment that will lead to their Windows PC being infected with the notorious Locky ransomware."

    This attack is now using threats claiming that there have been “suspicious movements” of funds out of your bank account and/or that your credit card account has been suspended. Here is an example of the suspicious money movement social engineering tactic:

    Locky Ransomware Phishing Email

    Attached to the email is a ZIP file containing a malicious Javascript file (.JS), that if the employee opens it, downloads the most recent version of the Locky ransomware from a remote server from one of five different URLs.  

    Next, the ransomware is executed without any further user interaction. Some anti-virus products detect the malicious Javascript as Trojan.JS.Downloader.GXW, but that changes on a regular basis. Here is an example of the credit card suspension email:

    Credit Card Suspension Phishing Email

    The Locky cybercriminals are well-organized and highly automated. They change the names and contact details used in these phishing emails so you cannot rely on them being the same. Ransomware is cybercrime's most successful business model, so count on these attacks increasing in the future.

    Have your defense-in-depth fully in place, have weapons-grade backups, and step your users through new-school security awareness training which includes frequent simulated phishing attacks to keep them on their toes with security top of mind.

    11/11/2016 - Correcctions and Amplifications Department: Turns out that Phishme reported on this even earlier, (November 8th, 2016) and pointed out that the address was the Office of Personnel Management where 22 million government workers profiles had been exfiltrated.

    Free Ransomware Simulator Tool

    How vulnerable is your network against ransomware attacks?

    Bad guys are constantly coming out with new versions of ransomware strains to evade detection. Is your network effective in blocking ransomware when employees fall for social engineering attacks?

    KnowBe4’s Ransomware Simulator "RanSim" gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 10 ransomware infection scenarios and show you if a workstation is vulnerable to infection.

    Learn More

    Don't like to click on redirected buttons? Copy & Paste this link in your browser:
     
    https://www.knowbe4.com/ransomware-simulator
     

     

    Return To KnowBe4 Security Blog

    Topics: Ransomware

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews