  1. vemn

    Survival of the Fittest: Why Locky Ransomware is Back

    Read more here: Survival of the Fittest: Why Locky Ransomware is Back | SecurityWeek.Com
  2. silversurfer

    Malware Alert Locky Uses DDE Attack for Distribution

    While continuing to spread via spam emails sent by the Necurs botnet, the Locky ransomware has switched to new attack techniques in recent campaigns, in an attempt to evade detection and improve infection rate. One of the methods involves the use of the Dynamic Data Exchange (DDE) protocol...
  3. E

    Locky Downloader upgrades itself with GeoIP Check

    In the ongoing spam campaign of Locky, there is a small upgrade made by attackers in the delivery mechanism. The VBScript based downloaders have added a Geo IP check. Based on the geographical region in which the user is located, it either downloads Locky or Trickbot. Two in One - Locky +...
  4. silversurfer

    Malware Alert Locky Ransomware Campaign Ramps Up

    The Locky ransomware family that dominated the charts last year has returned, and has been distributed through high volume campaigns over the past week. Closely tied to the activity of the Necurs botnet, Locky has been nearly completely absent from the threat landscape this year. Following...
  5. frogboy

    Malware Alert Warning: Two Dangerous Ransomware Are Back – Protect Your Computers

    Ransomware has been around for a few years but has become an albatross around everyone's neck—from big businesses and financial institutions to hospitals and individuals worldwide—with cyber criminals making millions of dollars. In just the past few months, we saw a scary strain of ransomware...
  6. L

    Malware Alert NEW Ukrainian Locky Variant "OSIRIS" targets Excel documents.

    The infamous Locky ransomware has once again switched to a new extension to append to encrypted files, but reverted to malicious Office documents for distribution, security researchers have discovered. The latest Locky variant is appending the .osiris extension to encrypted files, marking a...
  7. splinter_code

    Malware analysis Locky Ransomware is back: a detailed technical report

    Locky Ransomware is back! 49 domains compromised. Locky ransomware has started up its illegal activity again to steal money from its victims after a break since the end of May. This time it comes with a hard-coded JavaScript downloader, making it harder for traditional protection solutions to spot the...
  8. frogboy

    Germany, France Hit Most by Locky Ransomware: Kaspersky

    While it has been roughly two months since it was first spotted, the Locky ransomware has become a global threat, targeting users in 114 countries. While the threat has infected systems around the world, a heavy concentration of attacks have registered in Germany and France, Kaspersky Lab says...
  9. Jrs30

    Analysis of the Locky infection process

    In recent months, there has been a significant increase in the number of networks and users affected by ransomware known as Locky, which is used to encrypt a victim’s files and then demand a ransom to be paid in bitcoins. But, how does this threat manage to infiltrate computer systems and hijack...
  10. bunchuu

    Crypto-Ransomware Vaccine from Bitdefender (BD Anti Ransomware)

    Recently, I stumbled on an article from the Bitdefender blog that claims they have released "a new vaccine tool which can protect against known and possible future versions of the CTB-Locker, Locky and TeslaCrypt crypto ransomware families". Their previous vaccine/version seems to have protected /appdata and...
  11. frogboy

    Nasty Trojan Spreads Global Ransomware via Email

    A fresh wave of infected emails is swirling around the globe, carrying a nasty ransomware payload. ESET is warning of an increased number of infected emails containing a malicious attachment, which downloads and installs ransomware onto an infected device. ESET telemetry detects this malicious...
  12. Av Gurus

    Today's top ransomware families are CryptoWall, Locky, and TeslaCrypt, in this order.

    The data was gathered by Fortinet using its Intrusion Prevention System (IPS) system. The company logged traffic from infected machines to IPs known to belong to ransomware C&C servers. The information Fortinet collected does not indicate the number of infected victims, but shows in...