Criminals Distribute Locky Ransomware To 2014 OPM Data Breach Victims

Locky is one of the most potent forms of crypto-ransomware in existence today. Even though security researchers try to combat this malware, the developers remain one step ahead. In fact, a new phishing campaign distributing Locky ransomware has been discovered, which targets 22 potential victims. All of these users were part of the US Office of Personnel Management data breaches in 2014 and 2015.

Criminals always find new ways to target potential victims with malware and ransomware. Even though the data breaches affecting the Office of Personnel Management took place nearly two years ago, the stolen information remains usable to this day. A lot of sensitive personal information was obtained by hackers, and they will direct targeted campaigns at different types of victims.

A New Locky Ransomware Campaign is Underway

One of those campaigns is already underway, as criminals impersonate OPM representatives. These individuals target government contractors and workers whose information was stolen during the attack. The phishing messages sent to these victims ask recipients to examine an attached file. This particular file is a ZIP archive which executes the Locky payload when opened.

To make the emails seem less suspicious, they all contain the signature of OPM Account Manager Elis Lucas. Since most of these victims are aware of the data breach involving their information, they are more likely to trust the email source. That is exactly what criminals are capitalizing on with this Locky ransomware campaign.
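A defender-side triage check for lures of the shape described above (an OPM-signed message carrying a ZIP whose contents run a payload), written as an added example and not code from the article or from PhishMe. It assumes a constructed sample message, an illustrative list of risky archive member extensions, and opm.gov as the legitimate domain the lure impersonates.

```python
import email
import io
import zipfile
from email.message import EmailMessage
from email.policy import default

# Assumption: illustrative extensions of script/executable droppers commonly zipped into lures.
RISKY_MEMBER_EXTS = (".js", ".jse", ".vbs", ".wsf", ".exe", ".scr", ".hta")
# Assumption: the legitimate sender domain a message claiming to come from OPM should use.
CLAIMED_DOMAIN = "opm.gov"


def build_sample_email() -> bytes:
    """Constructed lure: OPM signature in the body, ZIP attachment with a script inside."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w") as zf:
        zf.writestr("OPM_records.js", "// constructed placeholder, not a real payload\n")
    msg = EmailMessage()
    msg["From"] = "OPM Support <noreply@example.net>"  # constructed, not the real OPM domain
    msg["Subject"] = "Action required regarding your records"
    msg.set_content("Please review the attached file.\n\nElis Lucas\n"
                    "Account Manager, Office of Personnel Management")
    msg.add_attachment(zbuf.getvalue(), maintype="application",
                       subtype="zip", filename="records.zip")
    return bytes(msg)


def triage(raw: bytes) -> dict:
    """Flag risky members inside ZIP attachments and a sender domain that contradicts the claimed organisation."""
    msg = email.message_from_bytes(raw, policy=default)
    findings = {"risky_members": [], "sender_mismatch": False}
    sender_domain = msg["From"].addresses[0].domain.lower() if msg["From"] else ""
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # The lure signs as OPM; a From: domain that is not opm.gov is the first red flag.
    if "office of personnel management" in text.lower() and sender_domain != CLAIMED_DOMAIN:
        findings["sender_mismatch"] = True
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if part.get_content_type() != "application/zip" and not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                # Look inside the archive: the danger is the executable member, not the ZIP itself.
                findings["risky_members"] += [m for m in zf.namelist()
                                              if m.lower().endswith(RISKY_MEMBER_EXTS)]
        except zipfile.BadZipFile:
            findings["risky_members"].append(f"{name} (unreadable archive)")
    return findings


if __name__ == "__main__":
    print(triage(build_sample_email()))
```

Either finding alone is enough to quarantine the message for analyst review rather than deliver it.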

So far, over 320 unique attachments have been identified by PhishMe. It has become evident that the Locky payload is hosted on various command and control servers around the world. This indicates the large-scale campaign will not be halted that easily by law enforcement and security researchers.

As one would expect from a Locky distribution attack, victims will have to pay a Bitcoin fee to restore file access. For now, the exact amount remains unclear and seems to vary from victim to victim. Although Locky has been around for nearly eight months now, it continues to be one of the biggest malware threats the world has faced to date.

That being said, it is certainly possible to tackle this issue head-on. Education regarding malware and phishing campaigns is direly needed; that much is certain. All of this is much easier said than done, though. Consumers always pose a security risk, regardless of whether they are targeted or not.
