Lukitus Ransomware Continues Rooting in the Cyber Space

Lukitus Spreads Terror Among Net Users

Most of you are probably familiar with Locky ransomware and its capabilities; Lukitus, however, might sound new. Unfortunately, the Lukitus file-encrypting threat happens to be a new heir of Locky. It came as the backup to the Diablo6 malware, both known under the IKARUSdilapidated campaign[1]. Thus, you might be concerned with only one question: is it possible to escape this virtual menace?

Locky Gets Revived in the Form of Diablo6 and Lukitus

This is the latest variation of the infamous malware, which became notorious after infiltrating hospital medical systems and companies last year. Since 2016, it has held the title of the most destructive and menacing crypto-malware, along with Cerber.

This year the malware sticks mainly to its primary distribution method, spam emails, even though the RIG exploit kit and Dridex banking trojans also contribute to the transmission campaign.

Besides disguising itself as fake invoices and scanned picture files that arrive with the short message “Files attached. Thanks”, the malware also exhibits a couple of new distribution campaigns. Some of the latest Lukitus samples manifest anti-sandbox features.

IT researcher Marcelo Rivero suspects that the malware keeps a low profile when it gets into an isolated environment.[2] However, closing the infected .doc file with the embedded macro results in the opposite reaction: the ransomware gets executed.

Further samples show that Lukitus may disguise itself as a fake Dropbox account verification request and as “HoeflerText font was not found” notifications. Recently, a counterpart, “The Roboto Condensed font was not found”, emerged.
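
Added example, not from the original article or from any cited researcher: a static check for the behaviour described above, where the macro payload stays quiet at open time and only runs when the document is closed. It assumes the VBA source has already been extracted to text (for example with a tool such as olevba); the sink list and the sample macro are constructed for illustration.

```python
import re

# Word auto-run procedure names; close-time ones fire when the document is closed.
CLOSE_TRIGGERS = {"autoclose", "document_close"}
OPEN_TRIGGERS = {"autoopen", "document_open"}
SINKS = {"shell", "createobject", "urldownloadtofile"}  # assumed sink list
PROC_RE = re.compile(r"^\s*(?:(?:public|private)\s+)?(?:sub|function)\s+(\w+)", re.I)
END_RE = re.compile(r"^\s*end\s+(?:sub|function)\b", re.I)

def parse_procedures(vba_source):
    """Map procedure name -> identifiers in its body (strings, ' comments stripped)."""
    procs, current = {}, None
    for line in vba_source.splitlines():
        line = re.sub(r'"[^"]*"', '""', line).split("'", 1)[0]
        match = PROC_RE.match(line)
        if match:
            current = match.group(1).lower()
            procs[current] = set()
        elif END_RE.match(line):
            current = None
        elif current:
            procs[current].update(w.lower() for w in re.findall(r"[A-Za-z_]\w*", line))
    return procs

def triggers_reaching_sinks(vba_source):
    """Return {auto-run trigger: sorted sinks reachable through the call graph}."""
    procs = parse_procedures(vba_source)
    names, findings = set(procs), {}
    for entry in (CLOSE_TRIGGERS | OPEN_TRIGGERS) & names:
        seen, stack, hits = set(), [entry], set()
        while stack:
            name = stack.pop()
            if name not in seen:          # guard against recursive macros
                seen.add(name)
                hits |= procs[name] & SINKS
                stack.extend(procs[name] & names)
        if hits:
            findings[entry] = sorted(hits)
    return findings

def runs_only_on_close(vba_source):
    """True when a close-time trigger reaches a sink but no open-time trigger does."""
    found = set(triggers_reaching_sinks(vba_source))
    return bool(found & CLOSE_TRIGGERS) and not found & OPEN_TRIGGERS

# Constructed sample macro with an inert placeholder object name, not a real sample.
SAMPLE_MACRO = ('Sub AutoClose()\n    RunStage\nEnd Sub\n'
                'Private Sub RunStage()\n    Set o = CreateObject("Placeholder.Object")\nEnd Sub\n')
```

A document flagged by `runs_only_on_close` is worth detonating in a sandbox that opens and then closes the file, since an open-only run would show nothing.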

Are Linux and Mac OS Immune to Lukitus?

If you are looking for more secure alternatives, you might opt for Mac or Linux OS. Indeed, these operating systems have better immunity against ransomware.

For instance, Linux OS gives users a very restricted set of privileges. In order to make any important changes, you have to go through a series of password-requiring stages. In addition, this system has a significantly lower number of system vulnerabilities. Therefore, the chance of getting infected with Lukitus malware on either of these operating systems is very low.

Nonetheless, there are already cases of ransomware created for Linux and Mac OS, even though they are still undeveloped.[3] In any case, update your security tools, do not open any file attachments without verifying the identity of the sender, and do not enable shady browser extensions.

Ugnius Kiguolis