Ransomware alert - New Locky Variant Lukitus Distributed in 23 Million Emails

New Locky Variant Lukitus Distributed in 23 Million Emails. See below for advice on staying safe.

Ransomware is again attacking globally and causing infections at a high rate.

There has been a new launch of emails laced with Ransomware as seen in the URL - https://www.trendmicro.com/vinfo/us/security/news/...

Please see below for the best way to prevent this infection coming through to your organisation, as emails are the key delivery.

Please share this with your colleagues and ensure that awareness is as widespread as possible.

Tips for spotting a phishing / spam email

-The message contains a mismatched URL
One of the first things I recommend checking in a suspicious email message is the integrity of any embedded URLs. Oftentimes the URL in a phishing message will appear to be perfectly valid. However, if you hover your mouse over the top of the URL, you should see the actual hyperlinked address (at least in Outlook). If the hyperlinked address is different from the address that is displayed, the message is probably fraudulent or malicious.

-The message contains poor spelling and grammar
Whenever a large company sends out a message on behalf of the company as a whole, the message is usually reviewed for spelling, grammar, and legality, among other things. So if a message is filled with poor grammar or spelling mistakes, it probably didn't come from a major corporation's legal department.

-The message asks for personal information
No matter how official an email message might look, it's always a bad sign if the message asks for personal information. Your bank doesn't need you to send it your account number. It already knows what that is. Similarly, a reputable company should never send an email asking for your password, credit card number, or the answer to a security question.

-The offer seems too good to be true
There is an old saying that if something seems too good to be true, it probably is. That holds especially true for email messages. If you receive a message from someone unknown to you who is making big promises, the message is probably a scam.

-You didn't initiate the action
Today I received the below email message informing me of an invoice attached which I had not purchased or requested, this is clearly spam. You may also get a message informing you that you have won a contest you did not enter, you can bet that the message is a scam.

-You're asked to send money to cover expenses
One tell-tale sign of a phishing email is that you will eventually be asked for money. You might not get hit up for cash in the initial message. But sooner or later, phishing artists will likely ask for money to cover expenses, taxes, fees, or something similar. If that happens, you can bet that it's a scam.

-The message makes unrealistic threats
Although most of the phishing scams try to trick people into giving up cash or sensitive information by promising instant riches, some phishing artists use intimidation to scare victims into giving up information. If a message makes unrealistic threats, it's probably a scam. Let me give you an example.

-The message appears to be from a government agency
Phishing artists who want to use intimidation don't always pose as a bank. Sometimes they'll send messages claiming to have come from a law enforcement agency, the IRS, the FBI, or just about any other entity that might scare the average law-abiding citizen.

-Something just doesn't look right
The idea is that if something looks off, there's probably a good reason why. This same principle almost always applies to email messages. If you receive a message that seems suspicious, it's usually in your best interest to avoid acting on the message.

Web Browsing

- Ransomware / Crypto virus creators are very clever at embedding their malware agents in legitimate websites for a short period of time (less than 6 hours).
This means during the period of the agent being embedded, the malware can be spread to unsuspecting users. This usually happens on smaller websites with lower security protocols.
So in order to reduce the likelihood of becoming an infection victim, it is best advised to restrict website browsing to company related production sites and be very observant of activities in your browser if you access non business related sites.

Technology & social care e-bulletin

Connecting Care issues a monthly e-bulletin rounding up the latest technology and social care stories for providers of adult and social care. It's free for anyone interested in technology and adult social care.

Subscribe to the e-bulletin…