New Maktub Locker Ransomware Knows Where You Live

May 9th, 2016
New Maktub Locker Ransomware Knows Where You Live

Ransomware is so common in the world of online threats that even the FBI has labeled it a massive threat to businesses of all kinds. Unlike other types of malware, ransomware has a unique return on investment that’s measurable and highly lucrative for hackers. A new variant of ransomware called Maktub Locker lures victims into a false sense of security by tailoring phishing emails to match their street address.

Maktub Locker tends to spread through an email phishing scam from a seemingly legitimate email address. While normal phishing attacks might give themselves away with spelling errors or terrible grammar, the phishing attacks used by Maktub Locker are relatively clean, and will raise few red flags, even for security-minded users. The email claims that the receiver owes money to an organization that they may (or may not) be associated with, and that they’re receiving the email because the payment is overdue.

The email also informs users that there has been a hard copy of a statement being sent to the user’s address. Included is a link that supposedly leads to a digital copy of the invoice. If users click on the link, a download will trigger for the Maktub Locker ransomware. The malware will then proceed to encrypt files on the user’s PC until the ransom has been paid. The fact that the hackers obtain the physical addresses of victims is a major cause for concern; they probably lifted the addresses from some online database.

If the user doesn’t pay the ransom as soon as possible, the cost of the ransom increases. ZDNet, which reported the appearance of this ransomware, reached out to the company whose email address was used to send a phishing message. Of course, the business had no connection whatsoever to the hacking attack. It’s just another classic example of a ransomware ruining the lives of innocent users and damaging the reputations of local business owners.

Ransomware’s ongoing rampage proves that not even the average user can be considered safe from frustrating malware infections and hacking attacks. All it takes to let ransomware into an infrastructure is one simple mistake: downloading the wrong file, or clicking on the wrong hyperlink. Ransomware, in particular, is cruel for business owners, as it has the power to cut them off from important files and resources that are required for daily operations. You need to take measures immediately to ensure that you, too, don’t fall victim to ransomware.

Some types of ransomware are capable of spreading throughout an infrastructure, encrypting more than just one solitary workstation. In a worst-case scenario, your entire network can fall victim to ransomware, leaving you with no way of continuing operations, save for a desperate last-minute backup restoration. You could also pay the ransom, but we don’t recommend doing so. If the hacker doesn’t provide the decryption key, you’re left with a hole in your wallet and you won’t be any better off for it.

Since ransomware is extraordinarily difficult to remove in most cases, your best bet to protect your systems is by using security best practices and educating your team on how to identify and avoid threats. It’s recommended that you consider a Unified Threat Management (UTM) solution to maximize your infrastructure’s security. To learn more, give us a call at (215) 247-8324.