On September 19th, US cybersecurity firms announced that they have been tracking an “aggressive” new ransomware attack. The ransomware threat appears to have originated largely in Vietnam, although other sources have been traced back to India, Columbia, Turkey, and Greece.

This latest attack, following right on the heels of WannaCry and Petya, has been identified by Barracuda researchers as a Locky variant with a single identifier. The significance of the single identifier is worth noting: since there are no unique identifiers for each victim, it’s impossible for the attackers to determine who has paid a ransom and who hasn’t. This indicates that the criminals have no intention of sending decryption keys to the victims who pay the ransom.


This threat should not be ignored. Cybersecurity experts monitored over 20 million attempted attacks within the first 24 hours of identifying the threat, and that number has been growing steadily since.


Current reports show that these attacks are coming in the form of spoof emails, usually branded with “Herbalife” logos or disguised as a “copier” file delivery. Though cybersecurity experts are working to stop this attack, the attackers are using randomly-generated payload files to stay ahead of anti-virus updates.

We’ve already seen a few businesses in Utah affected by this attack, so we wanted to remind everyone about the importance of a reliable, robust data backup system.

While some businesses are losing days of productivity due to encrypted workstations and servers, our clients who have chosen to protect their data and infrastructure with an Acronis or CrashPlan backup solution are experiencing ZERO downtime. A proper business continuity strategy makes all the difference in these situations, and these solutions have proven an essential part of such a strategy.

These unfortunate attacks are becoming more frequent and more difficult to contain. If your business hasn’t already been targeted, we urge you to consider the value of your data and the importance of your network’s integrity. Can you afford to lose days or weeks to a ransomware attack?

You don’t have to.

If you have any questions about this latest ransomware attack or would like to know more about business continuity solutions from Acronis or CrashPlan, speak to a Nexus cybersecurity expert at (435) 659-2533 or (801) 839-7006.