
Locky Ransomware Is Back Once Again

Locky remains one of the largest ransomware threats to date. Although security researchers thought Locky would be replaced by a new type of ransomware, that may not be the case after all. Spam volumes for this "old-school" malicious software threat are showing signs of increased activity, although there is no large-scale campaign to speak of just yet. Instead, the distributors are testing the waters with two smaller Locky campaigns for the time being.

Will Locky Make A Surprise Return?

Depending on how these two smaller ransomware distribution campaigns play out, it is highly likely the world will be faced with a new Locky threat very soon. It has been quite some time since this particular malware was distributed on a large scale. During the last Locky campaign, it was distributed mainly through the Necurs botnet, which has been silent since December 2016.

The two recent low-volume malware spam campaigns may hint at what is to come, though. Fewer than 1,000 email payloads have been sent out so far, which could be nothing more than a minor test. If these campaigns prove somewhat successful, security experts predict a new large-scale Locky campaign over the coming weeks. If that is the case, a 70-fold increase in email payload volumes is to be expected.

Unfortunately, it appears these two smaller campaigns revolve around a slightly updated version of the Locky ransomware. In one case, the malware is distributed as a zip file within a zip file. The other variant uses the .rar extension. This suggests the campaigns are a test of whether changing the file extension will trick more users into downloading and extracting the archive.


One tell-tale sign that these emails should be ignored is that they contain neither a body nor a subject line. All users receive is a blank email with an attachment, inside which another archive is hidden. This second archive extracts to a JavaScript file, which downloads the Locky payload once it is executed on the computer.
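The delivery chain just described (empty subject and body, an archive nested inside an archive, a script file at the bottom) is easy to check for at the mail gateway or in a triage script. The following Python is an added example written for this article, not code from the article or from any vendor; the indicator list, the function names and the sample message are constructed for illustration. It opens nested zip archives in memory with the standard library only, so a .rar attachment is flagged for manual inspection rather than opened.

```python
import io
import zipfile

# Indicators taken from the article: a JavaScript downloader hidden in a
# zip-in-zip or rar attachment, delivered with no subject and no body.
SCRIPT_EXTENSIONS = {".js"}      # extend for your environment (hypothetical list)
MAX_DEPTH = 4                    # stop recursing into pathological archive bombs


def _ext(name):
    """Lower-cased extension of a file name, or '' if it has none."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def walk_archive(data, depth=0, path=""):
    """Recursively list members of a zip and of any zips nested inside it.

    Returns a list of (member_path, is_script, depth) tuples. Members that are
    not themselves zips are reported but not opened.
    """
    findings = []
    if depth > MAX_DEPTH:
        findings.append((path + "<depth limit reached>", False, depth))
        return findings
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(path + "<not a zip>", False, depth)]
    for info in zf.infolist():
        member = path + info.filename
        ext = _ext(info.filename)
        if ext == ".zip":
            # Nested archive: descend one level and prefix the inner paths.
            findings.extend(walk_archive(zf.read(info), depth + 1, member + "/"))
        else:
            findings.append((member, ext in SCRIPT_EXTENSIONS, depth))
    return findings


def triage_message(subject, body, attachment_name, attachment_bytes):
    """Return the list of article-derived indicators one message matches."""
    reasons = []
    if not subject.strip():
        reasons.append("empty subject")
    if not body.strip():
        reasons.append("empty body")
    ext = _ext(attachment_name)
    if ext == ".rar":
        # The standard library cannot read rar; hand it to an analyst/sandbox.
        reasons.append("rar attachment: inspect manually")
    elif ext == ".zip":
        members = walk_archive(attachment_bytes)
        if any(depth > 0 for _, _, depth in members):
            reasons.append("archive nested inside archive")
        for member, is_script, _ in members:
            if is_script:
                reasons.append(f"script file inside archive: {member}")
    return reasons


def build_sample():
    """Constructed sample attachment: a zip holding a zip holding a .js file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.js", "// constructed placeholder, not a real downloader\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for reason in triage_message("", "", "invoice.zip", build_sample()):
        print("-", reason)
```

Run as a script it prints the four indicators the constructed sample matches; a message with a subject, a body and a non-archive attachment returns an empty list. The depth limit matters in practice: a recursive walk without one is itself a denial-of-service target.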

However, researchers discovered that this malicious JavaScript file does not only download the Locky ransomware payload. It also performs a GET request for the Kovter Trojan, which is often used in click-fraud schemes. This means that even a victim who pays to have the Locky ransomware removed will still have to deal with the Kovter Trojan.

It is not the first time Locky and Kovter have been distributed through the same campaigns. Over the past few months, the two have been paired quite often, and the combination has proven potent so far. Piggybacking on Locky ransomware distribution is a smart strategy by the Kovter developers. Then again, this "collusion" may hint at close collaboration between the two teams.


JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
