Categories: NewsSecurity

Two New Locky Ransomware Variants Have Been Identified

Locky ransomware is the biggest type of malware threatening both consumers and enterprises around the globe today. Even though this malware has been in existence for quite some time now, new variants are still being discovered on a regular basis. A new report by Netskope goes to show that the Locky threat is only becoming more severe as time progresses.

Two New Locky Variants Everyone Should Take Note Of

Even though Locky ransomware exists in many different forms, two new variants have sprung up which demand everyone’s immediate attention. First of all, there is the AESIR variant, which seems to be the most severe threat of the two. As some would expect, this new variant will also change encrypted filenames to the AESIR extension.

What is rather disturbing about this new ransomware is how it contains a variables array, which will download the Locky executable from any of its available servers. The malicious payload is hidden inside a VBS script, which is downloaded to the TEMP folder on the computer. Once that has been taken care of, all hell will break loose rather quickly.

The ransom message shown by the AESIR ransomware

is very similar to that of Locky, which is not surprising. However, there are some minor changes in the ransom notes. Interestingly enough, the recovery instructions are virtually the same as the ones found in Locky itself, which further confirms the correlation between both payloads. Victims are still redirected to a Tor-hosted web page to complete the Bitcoin payment and receive the decryption key.



Related Post

The second new variant of Locky is called ZZZZZ and is a near copy of the AERIS variant. However, there are two changes to take note of. First of all, there is the different payload extension, and the decrypted payload uses a different extension as well. For security researchers, this is valuable information that may help them combat these threats at an early stage. 

All of the underlying codebase found in the ZZZZZ variant is nearly identical to Locky, including the original recovery instructions. To make it even more intriguing, both of these new variants are distributed in the same manner as the original Locky ransomware. Other than minor payload extension changes, all types of malware behave in the same manner. But that is also what makes them so incredibly dangerous.

It is evident that Locky ransomware remains the biggest threat to our online society, even when it is repackaged into slightly different variants. Criminals want to make sure that their payload evades detection from antivirus and anti-malware tools, and these minor modifications allow them to do so. Moreover, these two new variants hint at the usage of a Locky payload “toolkit” to create new forms of malware. This is a very disturbing development, to say the least.

If you liked this article, follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin, cryptocurrency, and technology news.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.

Share
Published by
JP Buntinx

Recent Posts

Best Altcoins to Invest in Today: Qubetics Sets the Stage for Blockchain’s Future as Bitcoin Hits $108K and Litecoin Soars

The cryptocurrency world has always been a hotbed of innovation, attracting both seasoned investors and…

4 hours ago

Dogecoin Millionaire Predicts This Undervalued Altcoin Could Match DOGE’s 2021 Gains

Dogecoin's 2021 rally was a historic one, turning ordinary investors into overnight millionaires. This magnificent…

5 hours ago

Qubetics Presale Skyrockets to $7.5M as XRP and Arbitrum Lead Best Altcoins for Exponential Returns

The crypto market is always evolving, with big names like Bitcoin and Ethereum leading the…

6 hours ago

Over 300K Users Actively Mine Crypto On BlockDAG’s X1 Miner App While BNB Bulls Eye $3K; What’s XRP’s Price Target?

The crypto market is ablaze with excitement as altcoins like XRP and BNB make major…

6 hours ago

Best Crypto Presale To Buy Now: Rollblock Delivers For Holders With New License, Record Sign Ups and 7000+ Games

Rollblock is quickly becoming the best crypto presale to buy, delivering unmatched value for its…

9 hours ago

Polkadot And Uniswap Gearing For Post-Christmas Jump As Rollblock Raises $7.4 Million in Presale

While Rollblock's continues its crypto presale, with its value increasing regularly, Polkadot (DOT) and Uniswap…

10 hours ago