News | 10/12/2017

Locky Ransomware - Update On IKARUS dilapidated Ransomware Virus



What is IKARUS dilapidated Ransomware?

The nasty ransomware Locky is surfacing again with its new variant named ‘IKARUSdilapidated’. This one was discovered by Comodo Threat Intelligence Lab. According to the researchers at Comodo, the source of this ransomware is a botnet of zombie computers that launches phishing attacks, sending emails and attachments that appear to come from the targeted recipient’s trusted business-class multifunction printer.

The campaign spreads by email and uses a popular printer model in the subject line to trick users into thinking the message is legitimate. One such message reads, “Scanned image from MX-2600N”. MX-2600N is the model of a leading enterprise-class Sharp multifunction printer. But this message contained malicious JavaScript attachments which, if clicked, initiated a dropper program that downloaded the IKARUSdilapidated ransomware.

How Does IKARUS dilapidated Ransomware Spread?

This is an extensive ransomware attack spread through email. Once it has entered a system, it brings in a new Trojan malware variant, which appears as an unknown file and can slip into the infrastructure of unsuspecting and unprepared organizations. Within a short span of time, this coordinated ransomware attack affected tens of thousands of email users, who were targeted with a simple-looking email carrying an attachment and little to no content in the email body. The attachment is an archive file with the name “E 2017-08-09 (580).vbs” (for each email, “580” is an ever-changing number and “vbs” is an ever-changing extension). The attachment contains an infected file, which downloads “IKARUSdilapidated,” the newest member of the “Locky” ransomware family. Named after the appearances of “IKARUSdilapidated” in the code string, it is clearly related to the “Locky” Trojan and shares some of its characteristics.
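As an added example (not from Comodo or the original article), the lure traits described above, namely the printer-scan subject line, the `E <date> (<number>).<ext>` attachment name and the near-empty body, can be expressed as a mail-filter check. The function names, the body-length threshold and the two sample messages are assumptions constructed for this illustration.

```python
import re
from email.message import EmailMessage

# Patterns taken from the lure described in this article; the names and the
# body-length threshold are assumptions made for this example.
SUBJECT_RE = re.compile(r"^\s*Scanned image from \S+", re.IGNORECASE)
# "E 2017-08-09 (580).vbs": fixed prefix, date, changing counter and extension.
ATTACH_RE = re.compile(r"^E \d{4}-\d{2}-\d{2} \(\d+\)\.\w{1,5}$")
MAX_BODY_CHARS = 20  # "little to no content in the email body"


def lure_indicators(msg):
    """Report which traits of the campaign a parsed message shows."""
    names = [p.get_filename() or "" for p in msg.iter_attachments()]
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().strip() if body else ""
    return {
        "subject": bool(SUBJECT_RE.search(msg.get("Subject", ""))),
        "attachment": any(ATTACH_RE.match(n) for n in names),
        "empty_body": bool(names) and len(text) <= MAX_BODY_CHARS,
    }


def should_quarantine(msg):
    """Hold the mail when the attachment name and one other trait match."""
    ind = lure_indicators(msg)
    return ind["attachment"] and (ind["subject"] or ind["empty_body"])


def build_sample(subject, body, filename):
    """Build a constructed test message; the attachment bytes are inert."""
    m = EmailMessage()
    m["From"] = "copier@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m


# Constructed samples: one shaped like the lure, one ordinary business mail.
LURE = build_sample("Scanned image from MX-2600N", "\n", "E 2017-08-09 (580).vbs")
BENIGN = build_sample("Q3 report", "Hi, the quarterly report is attached.",
                      "report-2017-Q3.pdf")

if __name__ == "__main__":
    for label, m in (("lure", LURE), ("benign", BENIGN)):
        print(label, should_quarantine(m), lure_indicators(m))
```

Requiring the attachment pattern plus one more trait keeps a genuine scan-to-email message, which shares only the subject line, out of quarantine.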

Social engineering is the most common and effective method used to tempt users into downloading this ransomware. Once the user does as instructed, the macro saves itself and runs a binary file that downloads the actual encrypted Trojan. This Trojan encrypts all files that match specific hardcoded extensions, including the common ones found on most machines. After encryption, a message is displayed on the user’s desktop instructing them to download the Tor browser, which is popular because it allows anonymous browsing, and to use it to visit a specific website for further information. The website contains instructions that demand a ransom payment of between 0.5 and 1 bitcoin (currently, one bitcoin varies in value between 500-1000 Euros) to (hopefully) decrypt the now-encrypted files.

The Threat Intelligence Lab analyzed the thousands of emails sent in this phishing campaign. The analysis revealed that the attack had affected 11,625 different IP addresses in 133 different countries targeted by this campaign. Servers from Vietnam, India, Mexico, Turkey, and Indonesia were the most affected by this attack.

Tips to Prevent IKARUS dilapidated Ransomware from Infecting Your System:

1. Enable your popup blocker: Pop-ups and ads on websites are among the tactics most often used by cybercriminals and malware developers to spread malicious programs. So, avoid clicking on untrusted sites, software offers, pop-ups, etc.

2. Keep your Windows updated: To avoid such infections, we recommend that you always keep your system updated through automatic Windows Update. By doing this you can keep your device free from viruses. According to the survey, outdated/older versions of the Windows operating system are an easy target.

3. Third-party installation: Try to avoid freeware download websites, as they usually bundle additional software with the installer or stub file.

4. Regular backup: Regular, periodic backups help keep your data safe in case the system is infected by a virus or any other infection. Always back up important files regularly to a cloud drive or an external hard drive.

5. Always have an anti-virus: Precaution is better than cure. We recommend that you install an antivirus like McAfee or a good malware removal tool like Ransomware Removal Tool.

6. Install a powerful ad-blocker for Chrome, Mozilla, and IE.
