Cybercriminals launched a new spam campaign for the simultaneous distribution of two extortion programs - Locky and FakeGlobe. Victims are forced to pay ransoms twice, fearing losing their data. This was reported by researchers from Trend Micro in his blog.

During the new malicious campaign, hackers simultaneously use Locky's extortion software, first introduced in early 2016, and a similar extortion program called FakeGlobe. Computers victims, passing on a malicious link in a spam letter, can be infected first Locky, and after an hour FakeGlobe. A similar format of the campaign increases the chances of re-infection, the researchers note.. The geography of spam mailing covers more than 70 countries, mainly affecting users from Japan (25%), China (10%) and the United States (9%).

Letters contain a link and a malicious attachment disguised as an invoice or receipt.

The script in the attachment is similar to what is in the archive, downloaded by reference, but they connect to different URLs for downloading the extortion software. One of them loads Locky, the second - FakeGlobe. With the sequential infection of Locky and FakeGlobe, the victim files are encrypted several times, that is, users will have to pay twice to redeem or lose their data.

The ultimate goal of the attackers is financial gain. This campaign is a clear example of how hackers are developing more aggressive methods to achieve their goals, said Trend Micro security researcher Ed Cabrera,.