Latest Locky Ransomware Distribution Campaign Targets Windows XP and Vista Users

There is good news and bad news when it comes to the infamous Locky ransomware strain. The bad news is that this malware has received another update and is now being distributed via a spam campaign. The good news is that it only targets Windows XP and Vista users. This latter part is not necessarily all that good, though, as a lot of consumers and corporations still rely on these operating systems.

The Revamped Locky May Land in Your Mailbox Soon

A lot of people will not be too happy about Locky making yet another return. Over the past few years, Locky has been one of the most popular and troublesome types of ransomware the world has seen. Sadly, it does not appear the original developers are done with causing havoc just yet, as an updated version is actively being distributed by the Necurs botnet. More specifically, a massive spam email campaign aims to deliver the Locky payload to computer users all over the world.

What is even more worrisome is that the new Locky version will only target computers running either Windows XP or Windows Vista. Some people may think these operating systems are rather uncommon these days, but that is anything but the case. Windows XP and Windows Vista are two very common operating systems among consumers and enterprises alike. One would expect an operating system to be upgraded to the latest version whenever possible, but very few people take the time to do so.

It is not entirely surprising to see Locky make such a big return all of a sudden. It is widely believed the people running the Necurs botnet have close ties to the development of Locky ransomware. Moreover, it is also believed this same group is responsible for the recently discovered Jaff ransomware, which has proven to be quite a potent threat over the past few weeks.

Then again, it does not appear the Jaff ransomware will pose much of a threat in the near future. More specifically, security researchers discovered a fatal weakness in the malware’s encryption routine, and a free decryption tool has been created as a result. Do keep in mind Jaff and Locky use very different types of encryption, and it is still impossible to get rid of the Locky ransomware infection through a decryption tool. It is unclear if the recent Jaff flaws could help in this regard, yet it seems highly unlikely right now.

It appears the Locky developers are in quite a rush to distribute their malware, though. This new version only affects Windows XP and Windows Vista mainly because the developers rushed the deployment of this new spam campaign. In doing so, they made some glaring mistakes. Any system running Windows 7 or later is equipped with Data Execution Prevention. This particular feature prevents the ransomware from installing and renders this latest Locky version virtually useless against recently updated Windows machines.

One thing is rather evident, though: the developers are very keen on distributing Locky right now. This new email spam campaign accounts for 7.2% of global email spam. That is a rather alarming number, although it is to be expected at this point. As is usually the case, the payload is distributed through emails with a malicious attachment in the form of a ZIP file. Rest assured this email campaign will claim quite a lot of victims in the process.

JP Buntinx
