- Jun 9, 2013
Security researchers have discovered that white hat crusaders are substituting versions of ransomware with dummy files.
Avira security expert, Sven Carlsen, explained in a blog post this week that his team discovered the unlikely campaign after downloading a version of what it thought was the Locky ransomware.
“But in place of the expected ransomware, we downloaded a 12kb binary with the plain message ‘Stupid Locky’,” he claimed.
“It seems that someone was able to access one of the command and control servers and replaced the original Locky ransomware with a dummy file. And I do mean dummy in the fullest expression of the word.”
The malware itself is typically hidden inside a malicious email attachment masquerading as an invoice, with users tricked into starting the infection process via classic social engineering.
“The JavaScript inside the attachment is usually obfuscated which means the real content isn’t visible or understandable for the reader,” Carlsen explained.
“Within the JavaScript itself is a domain generation algorithm for connecting and downloading the original Locky ransomware from the criminals’ server. Additionally, the downloader directs where the malicious files have to be copied to within the infected system as well as executes the downloaded file.”
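The delivery chain Carlsen describes (an archive posing as an invoice, a script file inside it, the script acting as a downloader) is exactly what a mail-gateway triage step can catch before anything runs. The following is an added illustration, not code from Avira or from the article: it inspects an attachment in memory, opens archives without extracting them, and flags script extensions and "document.js" double extensions. The lure-keyword list and the sample attachment are constructed for the example and are not indicators from the campaign.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows hands straight to the Script Host or another interpreter.
SCRIPT_EXTENSIONS = {".js", ".jse", ".wsf", ".vbs", ".vbe", ".hta"}
# Document extensions an attacker puts in front of a script extension to look harmless.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
# Assumption: a short illustrative keyword list, not a real indicator set.
LURE_WORDS = ("invoice", "rechnung", "payment", "receipt")


def _suffixes(name):
    """All extensions of a filename, lower-cased, e.g. 'a.pdf.js' -> ['.pdf', '.js']."""
    return [s.lower() for s in PurePosixPath(name).suffixes]


def _classify_name(name):
    """Return the reasons a single filename looks like a script lure (empty if none)."""
    reasons = []
    suffixes = _suffixes(name)
    if suffixes and suffixes[-1] in SCRIPT_EXTENSIONS:
        reasons.append(f"script extension {suffixes[-1]} in {name!r}")
        # 'invoice.pdf.js' style: a document-looking name that actually runs as a script.
        if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXTENSIONS:
            reasons.append(f"document extension hidden before script extension in {name!r}")
        lowered = name.lower()
        if any(word in lowered for word in LURE_WORDS):
            reasons.append(f"lure keyword in name {name!r}")
    return reasons


def triage_attachment(filename, data):
    """Inspect one attachment (name plus raw bytes).

    Archives are read in memory only; nothing is written to disk or executed.
    Returns a dict with the verdict and the reasons behind it.
    """
    reasons = _classify_name(filename)
    members = []
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                members.append(info.filename)
                reasons.extend(_classify_name(info.filename))
    return {
        "attachment": filename,
        "members": members,
        "verdict": "quarantine" if reasons else "pass",
        "reasons": reasons,
    }


def build_sample_attachment():
    """Constructed sample: a zip named like an invoice holding a .js file.

    The script body is an inert placeholder comment, not malware.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_4471.pdf.js", "// placeholder content for the example\n")
    return "invoice_4471.zip", buf.getvalue()


if __name__ == "__main__":
    name, data = build_sample_attachment()
    print(triage_attachment(name, data))
    print(triage_attachment("quarterly_report.pdf", b"%PDF-1.4 placeholder"))
```

The check deliberately keys on the archive's member names rather than on the obfuscated script body: obfuscation defeats content signatures, but a script file inside an "invoice" archive is suspicious regardless of what the script says. A real gateway would combine this with detonation or with blocking script-type members outright.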
The news is somewhat heartening given the soaring rate of ransomware infections currently underway, although it represents just a drop in the ocean in terms of a fightback.
Full Article: Hackers Replace Ransomware with Dummy File