Categories: NewsSecurity

Locky Ransomware Returns yet Again Thanks to the Necurs Botnet

Even though a lot of people had hoped Locky ransomware would finally disappear into obscurity, it appears we are not so lucky after all. In fact, researchers indicate the malware is making a rather surprising return, thanks to the Necurs botnet. A new dedicated spam campaign is underway to bring this ransomware to as many people as possible.

The Return of Locky Ransomware (Again)

It appears certain types of malware are incredibly difficult to weed out altogether. Whereas some types of ransomware are popular for a few weeks or months and then disappear, there are always exceptions. Locky ransomware, one of the most destructive types of malware, is back once again. This time, its developers are trying to spread this malicious software through the Necurs botnet, which has proven to be quite effective in its own right.

It has been quite some time since researchers came across Locky ransomware for the last time. In fact, it appears 2017 would be spent without having to worry about this threat ever again. Sadly, the harsh reality sets in, as a new spam email campaign has been discovered which is actively distributing the Locky payload to victims all over the world. It is also apparent this campaign uses similar techniques to some of the more successful Dridex banking trojan campaigns.

One silver lining is how the Locky payload itself has not undergone any notable changes. Successful

Related Post
ransomware developers often release updated versions of their creations, which include new features to avoid detection or force users to pay a bitcoin ransom. So far, that does not appear to be the case with Locky, which is some relief. However, with the methodology of distribution changing, the threat should not be ignored by any means.

As one would somewhat expect, criminals now distribute this malware through PDF files, which require the victim to download and open the email attachment. There are two different email variants being sent out right now, one of which contains text, whereas the other one is blank. Every email is linked to a “Payment” or “Receipt” subject line, which validates the email attachment in question. The PDF file has an embedded Word document which contains the payload.

Although it remains unclear whether or not this campaign heralds a new wave of Locky distribution, security researchers are concerned about this development. That is not entirely surprising since the notorious malware impacts various hospitals and other major organizations over the past few years. Malware-laden Word documents are becoming the favorite tool among cybercriminals when it comes to distributing malicious software, that much is evident.

The Necurs botnet has been used successfully in distributing the Dridex banking Trojan over the past few months. Now that criminals are using the same strategy for ransomware, it is impossible to tell how things will evolve moving forward. Now is a good time to be even more cautious than ever when it comes to opening emails from unknown senders. The Necurs botnet has been widely appreciated by criminals as of late, as it has been used for pump-and-dump stock plays, work-from-home scams, and even Russian dating advertisements.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Top Secrets to Identifying the Best Crypto to Buy This Week Before It’s Too Late!

In a world where the digital economy is growing at lightning speed, the race to…

7 hours ago

NYC Entrepreneur Wins Big with BTC: BlockDAG Could Be Next

Mia Sanders, NYC Entrepreneur, Made Millions by Investing in BTC: Could BlockDAG Be Next for…

1 day ago

Miami Artist Earns $5.2M with Solana: BlockDAG’s Future Prospects?

A Miami Artist's $5.2M Solana Success: Does BlockDAG Hold Equal Promises for 30,000x ROI? Success…

1 day ago

Chainlink And Aptos Investors Migrate To The Presale Of New Crypto Instant Funding Prop Firm FXGuys ($FXG)

Recent market trends show that the new DeFi coin, FXGuys ($FXG), has been the go-to…

1 day ago

Polkadot Price Prediction; Can XLM’s Rally Hold Strong as New Crypto Brings Passive Income? 

Curious about where the Polkadot price is headed? Or maybe you’re wondering if XLM’s rally…

1 day ago

Best Crypto Presale to Watch: Could This Be the Next 9000% Breakout Star?

Any investor can achieve outstanding profit by selecting the best crypto presale in the growing…

1 day ago