Alert on Locky Ransomware

WHAT IS RANSOMWARE?

Ransomware is malicious software (a kind of computer virus) which, once it has got onto a computer, tablet or smartphone, encrypts all the data stored on it and locks the device so that it can no longer be used. To unlock the device it has locked, the ransomware demands money or something of equivalent value. Recently a new variety, Locky ransomware, has been released onto the internet and is currently spreading across the whole world.

THE NEW LOCKY RANSOMWARE AND HOW IT WORKS

Much like WannaCry ransomware, which struck some time ago, and Mamba ransomware, which appeared very recently, it spread across the whole world over the Internet in the latter part of 2017. Unidentified attackers are sending this ransomware by email to nearly everyone with an email address on the Internet. There are two variants of Locky ransomware, namely Lukitus and Diablo. To deceive the recipients of the email, Locky uses the words listed below in the subject line or in the body of the message.

  • Please print
  • Documents
  • Photo
  • Images
  • Scans
  • Pictures

The email/message carries a zip file attachment in which a Visual Basic Script (VBS) is hidden. As soon as that file is clicked, it connects to a malicious website (a website that is dangerous to its visitors and can secretly compromise their machines) – greatesthits[dot]mygoldmusic[dot]com – and from there secretly downloads the new variant of Locky ransomware. Locky immediately encrypts the files on the machine it has infected so that they cannot be modified, and appends [.] lukitus to the name of each encrypted file. In some cases it replaces the file name with a mix of 16 random letters and numbers and uses diablo6 as the extension.

After encrypting all the files on the infected machine so that they can no longer be used, Locky changes the desktop background to display a ransom notification. The file used for this desktop background is named Lukitus.htm (a Hyper Text Markup file).

Once the ransomware (Locky) has taken control of the machine, it instructs the owner (the victim) to install the TOR Browser, gives a .onion address (on what is known as the Darkweb) as the link through which the matter can be settled, and from there a payment has to be made. The payment is not made in ordinary currency but in BITCOIN (call it Internet money): point five (.5) Bitcoin has to be paid, and the attacker says that if this bitcoin is paid he will explain how to decrypt the encrypted files. .5 Bitcoin is about Rs. 1.5 lakhs in Indian currency. Even after the money is paid, it is still not clearly known whether Locky will actually decrypt the files it encrypted, and no reports of files being decrypted have been received.

Beyond this email-based attack, these attackers are known to use other methods as well. They are also known to use a fake Dropbox to deliver Word documents containing macro scripts. Another notable one is that the user's Firefox or Chrome browser is redirected to a malicious webpage where a popup says that a font, the 'Hoefler font', is missing and offers to install it; what appears to be a font installation secretly downloads Locky ransomware.

DECRYPTION (HOW TO RECOVER FILES THAT HAVE BEEN ENCRYPTED)

As of today, no way of decrypting files encrypted by Locky ransomware is known.

HOW TO TELL WHETHER YOUR COMPUTER/SMARTPHONE/TABLET HAS BEEN COMPROMISED BY LOCKY RANSOMWARE

  • Greatesthits[dot]mygoldmusic[dot]com
  • Files with extension “[.]lukitus” or “[.]diablo6”
  • File Win[.]JSfontlib09[.]is
  • Hxxp://geocean.co.id/657erikftgvb??pGDIWEKDHD=pGDIWEKDHD
  • Locky ransomware post-infection URL: hxxp://46.183.165.45/imageload.cgi

Fake Dropbox sites:


Note: Block the IP addresses and domain names listed above wherever possible.
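As an added example (not part of the advisory), the following Python checks a file listing and proxy log lines against the indicators listed above. The sample paths and log lines are constructed, and the 16-character file name pattern is an assumption taken from the description of the diablo6 renaming.

```python
import re
from urllib.parse import urlparse

# Indicators quoted from the advisory, kept defanged exactly as listed there
ADVISORY_HOSTS = ["greatesthits[dot]mygoldmusic[dot]com", "geocean.co.id", "46.183.165.45"]
ADVISORY_PATHS = ["/imageload.cgi", "/657erikftgvb"]
LOCKY_EXTENSIONS = (".lukitus", ".diablo6")
RANSOM_NOTE = "lukitus.htm"                        # desktop background / ransom note name
RANDOM_NAME = re.compile(r"^[0-9a-z]{16}$", re.I)  # assumed: 16 mixed letters and digits

def refang(value):
    """Undo the advisory's defanging ('[dot]', '[.]', 'hxxp') before comparing."""
    return value.replace("[dot]", ".").replace("[.]", ".").replace("hxxp", "http")
HOSTS = {refang(h) for h in ADVISORY_HOSTS}

def classify_file(path):
    """Return why a file name looks Locky-related, or None if it does not."""
    lower = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if lower == RANSOM_NOTE:
        return "ransom note"
    for ext in LOCKY_EXTENSIONS:
        if lower.endswith(ext):
            # Locky either appends the extension or replaces the whole name
            renamed = RANDOM_NAME.match(lower[: -len(ext)]) is not None
            return ("renamed+encrypted " if renamed else "encrypted ") + ext
    return None

def suspicious_files(paths):
    """Map each Locky-looking path to the reason it was flagged."""
    return {p: reason for p in paths if (reason := classify_file(p))}

def suspicious_log_lines(lines):
    """Return proxy log lines whose URL host or path matches an advisory indicator."""
    hits = []
    for line in lines:
        for token in line.split():
            if token.startswith(("http://", "https://", "hxxp")):
                u = urlparse(refang(token))
                if u.hostname in HOSTS or u.path in ADVISORY_PATHS:
                    hits.append(line)
                    break
    return hits

# Constructed sample data for demonstration (not taken from the advisory)
SAMPLE_FILES = ["C:\\Users\\a\\Documents\\report.docx", "C:\\Users\\a\\Documents\\report.docx.lukitus",
                "C:\\Users\\a\\Desktop\\Lukitus.htm", "C:\\Users\\b\\Pictures\\A1B2C3D4E5F60718.diablo6"]
SAMPLE_PROXY_LOG = ["2017-09-20T10:01:02 10.0.0.5 GET http://www.example.org/index.html 200",
                    "2017-09-20T10:01:40 10.0.0.5 GET http://greatesthits.mygoldmusic.com/a.php 200",
                    "2017-09-20T10:02:15 10.0.0.5 POST http://46.183.165.45/imageload.cgi 200"]
```

Run `suspicious_files(SAMPLE_FILES)` and `suspicious_log_lines(SAMPLE_PROXY_LOG)` over real listings and proxy logs in place of the constructed samples.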

HOW DO WE PROTECT OURSELVES?

To keep our networks and computers safe, computer administrators and users should make every effort to follow the measures listed below.

  • Back up all important data so that it is not lost, and keep these backups on a separate device/hard disk or on a machine that is not connected to the internet.
  • Keep the operating system in use and third-party software (MS Office, browsers, etc.) patched and updated wherever updates are available.
  • Install antivirus on every computer.
  • Do not open any email whose sender is unknown. Even if a link in an email looks genuine, do not click it; instead go to the website directly using the web browser.
  • Make sure content control is enabled in the web browser.
  • Follow Sender Policy Framework (SPF). Use it well, since it filters and identifies spam email, and be aware that corporate email inboxes are very heavily targeted.
  • Regularly check whether your databases are safe and intact (integrity).
  • Regularly check the integrity of all backup data.
  • Block executable files from running from %APPDATA% and %TEMP%, because these two folders are the usual starting point for ransomware activity.
  • Take network security seriously and protect it well.
  • Disable ActiveX content in MS Office applications – Word, Excel and others.
  • Disable Remote Desktop Connection.
  • Turn the firewall ON on every computer.
  • Be very careful when using pendrives and external hard drives. Be aware that pendrives and external hard disks are the easiest way for viruses and related threats to spread.
  • Conduct regular Vulnerability Assessment and Penetration Testing (VAPT) to know whether your databases and network security are safe.
  • If an individual or an organisation is hit by this ransomware, we urge them not to pay the ransom demanded, because there is no known case of anyone who gave in to the demand getting their files back.