A new ransomware threat, discovered by researchers at the Barracuda Advanced Technology Group, has launched some 20 million attacks in a single day, according to a Tuesday blog post from Barracuda Labs. And the 20 million is just the start, as the post said the number of attacks was “growing rapidly.”
In the post, researchers called the ransomware campaign “aggressive,” and noted that a large volume of the attacks seemed to come from Vietnam. India, Colombia, Turkey, and Greece were also hotbeds for these attacks.
The attacks are primarily coming through emails. Early on, emails that claimed to be from a company called Herbalife and an email claiming that a copier needed to be delivered were major drivers, the post said.
However, another email in the campaign has a subject line that reads: “Emailing -” followed by the name of the attached file. One example presented in the post said “Emailing — 10008009158.”
“There have been approximately 6,000 fingerprints, which tells us that these attacks are being automatically generated using a template that randomizes parts of the files,” the post said. “The names of payload files and the domains used for downloading secondary payloads have been changing in order to stay ahead of anti-virus engines.”
Barracuda researchers also found that the attackers are using a Locky variant with a single identifier, the post said. This means that, even if a victim pays the ransom, they will not get a decryptor for their files.
The post also noted that the attack checks the victim’s computer for language files. This “may lead to an internationalized version of this attack in the future,” the post said.
The 3 big takeaways for TechRepublic readers
- A new ransomware campaign has generated more than 20 million email attack attempts within a single day, according to the Barracuda Advanced Technology Group.
- The ransomware came from emails claiming to be from a company called Herbalife and emails claiming that a copier needed to be delivered.
- Researchers determined that the attackers are using a single identifier, meaning that victims who pay the ransom won’t have their files decrypted.
