The proliferate Locky ransomware is reportedly resurging in a new variant dubbed Diablo6. Locky's latest variant is reportedly being distributed across the globe via a fresh spam campaign. The cybercriminals operating the new Locky variant are reportedly demanding a ransom payment of $1,600 (£1,200).
It is still uncertain if Locky's comeback is just a brief resurgence or cybercriminals' efforts to once again make the ransomware the dominating player in cyberspace. However, according to a report by Bleeping Computer, the spam campaign pushing the new Locky variant is strong and is targeting a wide range of victims.
The hackers operating Locky's new variant have allegedly crafted the spam emails to include extremely limited text. The emails' body just reads "Files attached. Thanks," while the subject of the email was just found to contain a random date. The emails also contain a ZIP file attachment with a malicious script that downloads the Locky ransomware onto the victims's systems.
Similar to other traditional ransomware variants, once the new variant of Locky has been downloaded and executed on the victims' systems, it scans for files and encrypts them. Once files have been encrypted, Locky then removes the downloaded executable and displays a ransom note, which also comes with instructions on how to go about making payments. Bleeping Computer reports that at present, there is no way to decrypt files that have been encrypted by Locky's Diablo6 variant.
In April, researchers at Cisco Talos said that they observed a significant resurgence of Locky, with over 35 thousand emails sent to victims in just a few hours.
A recent study by Google said that victims of ransomware have paid nearly $25m in ransoms over the past two years, indicating that this is one of the most profitable tools by which cybercriminals make money. The massive WannaCry and NotPetya ransomware attacks that shook the globe earlier in the year, are also considered to be indicators of ransomware attacks gaining ground to wreak widespread havoc.