Locky Ransomware Developers One-Up Security Researchers Yet Again

It has been quiet around once-popular Bitcoin ransomware Locky for quite some time now. That doesn’t mean, however, that its developers have given up on the project. A new version of this malware contains new tricks to avoid detection and deletion. By targeting new types of malicious email attachments in spam campaigns, it has become easier to distribute the payload (that is until a solution is created).

Locky’s Reign of Terror Is Far From Over

A new report by Microsoft Malware Protection Center goes to show that Locky

ransomware is anything but dead right now.  Even though security researchers managed to slow down the distribution of this malware in recent weeks, its developers have taken on the challenge to one-up the good guys. Instead of using the default .wsf file extension, they now distribute malware as LNK files, which act as shortcuts.

Although these files are still embedded within zip files, automatic spam filters will not pick up any malicious files right now. Moreover, the Locky distributors use clever names for these shortcut files, including terms such as “bill” and “invoice”. In most cases, users will open these files without giving it a second thought.

Once the user executes this LNK file, a PowerShell will be opened on the host computer. In the background a Trojan downloader is started, which will download and execute Locky in a temporary folder. At this stage all hell will break loose for the computer user or owner, as they will be locked out of their files in quick succession.

Related Post



While it remains to be seen what this means for the future of Locky, it is a worrisome trend, to say the least. The malware has been a fan favorite among online criminals and has been used to attack hospitals. Moreover, the recent “technical update” presented by its developers has brought more attention to this malware than ever before. Despite being around for nearly eight months now, Locky remains one of the most potent ransomware threats in the history of malware.

To make matters even worse, there are nearly a dozen different variants of Locky ransomware in circulation right now. All of these “strains” attempt to avoid detection in their own way, making it nearly impossible for security researchers to come up with solutions. For now, standard advice remains not to open any suspicious email attachments, particularly not when embedded as a zip file.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Crypto Whale Sparks 8x Surge In $OPK Price with Massive Buy-in

A mysterious crypto whale, who previously invested 9,600 SOL into tokens $Pnut and $FRED, has…

31 mins ago

Early ENS Investor Transfers $2.47M To Binance Amid Upcoming Token Unlocks

An early investor linked to the $ENS token recently transferred 154,000 ENS tokens, valued at…

34 mins ago

Wintermute’s Memecoin Strategy: BABYDOGE Ranks Among Top 3 Holdings

In a surprising turn, $BABYDOGE has climbed to the top three in Wintermute’s memecoin holdings…

41 mins ago

$Pnut’s Meteoric Rise: How A Tragic Squirrel Inspired A Memecoin Sensation

The $Pnut memecoin recently soared past a $120 million market cap, creating unexpected wealth for…

47 mins ago

Political Memecoins And High-Stakes Bets Surge As Election Approaches

With election season heating up, political memecoins like $PEOPLE, $MAGA, $HARRIS, and $TRUMP are surging.…

53 mins ago

TRX Price Prediction: Tron Network Fee Cut to Spark New ATH?

Back into Spotlight: Tron Network Fee Cut Could Push TRX to ATH, But This DeFi…

10 hours ago