Locky Ransomware Variant Returns with a Vengeance

Old Ransomware Returns with A Bang

Many reports have called 2016 the year of ransomware. Much of this can be attributed to the ransomware variant Locky. However, in 2017, Locky ransomware has been on somewhat of a hiatus. This led to another ransomware variant, Cerber, becoming the most popular ransomware of 2017.

However, it appears Locky is back, in a big way. According to ZDNet, a new Locky ransomware campaign was recently released, sending over 35,000 infected emails in just a matter of hours. The emails use a two-part infection process. First, the recipient opens a PDF attachment, which asks for permission to open another file. This second file is a Word document, which requires macros to be enabled. Once the victim gets to this point, they become infected.
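A mail-gateway triage check for the attachment stage described above, added here as an example; it is not code from the original article or from ZDNet. It assumes the Word document travels as a PDF embedded file, which the article does not state, and the function names, marker list and sample bytes are constructed for illustration.

```python
import re

# Assumed marker set: PDF names for embedded files and for actions that run on open.
MARKERS = ("/EmbeddedFile", "/EmbeddedFiles", "/OpenAction", "/AA",
           "/JavaScript", "/JS", "/Launch")
AUTO = MARKERS[2:]
MACRO_CAPABLE = (".doc", ".docm", ".dot", ".dotm", ".xls", ".xlsm", ".ppt", ".pptm")

def decode_name(token: bytes) -> str:
    """Undo #xx hex escapes, which PDF permits inside names (/J#61vaScript)."""
    raw = re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), token)
    return raw.decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Count risky names in raw PDF bytes and list embedded Office file names."""
    names = [decode_name(t) for t in re.findall(rb"/[^\s/<>\[\]()%{}]+", data)]
    counts = {m: names.count(m) for m in MARKERS}
    # File specifications name the attachment as /F (name) or /UF (name).
    files = [f.decode("latin-1") for f in re.findall(rb"/U?F\s*\(([^)]*)\)", data)]
    office = [f for f in files if f.lower().endswith(MACRO_CAPABLE)]
    embedded = counts["/EmbeddedFile"] + counts["/EmbeddedFiles"] > 0
    auto = any(counts[m] for m in AUTO)
    if embedded and (office or auto):
        verdict = "quarantine"  # carries a file and names Office or an auto action
    elif embedded or auto:
        verdict = "review"
    else:
        verdict = "pass"
    return {"verdict": verdict, "counts": counts, "office_files": office}

# Constructed samples (skeleton PDFs, not taken from a real campaign).
SUSPECT = (
    b"%PDF-1.5\n"
    b"1 0 obj << /Type /Catalog /Names << /EmbeddedFiles 2 0 R >> /OpenAction 4 0 R >> endobj\n"
    b"3 0 obj << /Type /Filespec /F (invoice_0417.docm) /EF << /F 5 0 R >> >> endobj\n"
    b"4 0 obj << /S /J#61vaScript /JS (placeholder) >> endobj\n"
    b"5 0 obj << /Type /EmbeddedFile /Length 0 >> stream\nendstream endobj\n%%EOF\n")
BENIGN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n%%EOF\n"
AUTO_ONLY = b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction [3 0 R /Fit] >> endobj\n%%EOF\n"

if __name__ == "__main__":
    for label, blob in (("suspect", SUSPECT), ("benign", BENIGN), ("auto", AUTO_ONLY)):
        print(label, triage_pdf(blob))
```

A raw byte scan does not see names stored inside compressed object streams, so inflate those streams before scanning or route such files to review.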

The aftermath of this new campaign is similar to that of previous Locky infections. The ransomware will encrypt your files and demand a payment for them to be released. However, this new variant does differ in one way. ZDNet reports,

“One difference from previous Locky versions is that the ransomware asks victims to install the Tor browser in order to view the ransom payment site, which researchers suggest is down to Tor proxy services frequently being blocked and the burden of maintaining a dedicated Tor2Web proxy site.”

The current ransom demand associated with this infection is one bitcoin, which is currently valued at $1,200.

 
