Survival of the Fittest: Why Locky Ransomware is Back

vemn (Level 6, thread author), Feb 11, 2017
In the cat-and-mouse game between security providers and malware authors, cybercriminals keep innovating and experimenting – a dynamic seen in the recent resurgence of the Locky ransomware.

From a security perspective, 2016 was certainly “The Year of Locky.” In one single day last year, our systems caught 37 billion Locky emails, dwarfing the size of other malware campaigns. But Locky went quiet at the beginning of 2017, and aside from a brief revival here and there, it slipped from the conversation.

But – voila! – August arrived, and Locky experienced a major resurgence, which continues to this day. There’s a small, instructive story there – or at least a theory of mine – which shines a light on the Darwinism of the “malware marketplace.”

Wasn’t Jaff the “New Locky?”

Earlier this year I was trying to figure out why Locky stopped – it had been tremendously successful. Then along came the Jaff ransomware in May. Aha! Jaff is widely understood to be from the same cybercriminal gang behind Locky and the Dridex banking trojan (among others), and it seemed to hold answers to Locky’s mysterious disappearance.

To provide a quick background on Jaff – it came to full active life the same week as the headline-grabbing WannaCry. Many may have missed it, but my security lab team and I were certainly aware of it – in fact, the day before WannaCry took off (May 12), our security cloud caught 65 million Jaff ransomware emails delivered by the Necurs botnet. But because of the impact of WannaCry, Jaff got little attention outside of the security lab community.

Given the fact that Jaff was being distributed by the same botnet as Locky, it made sense that Jaff had perhaps replaced Locky, or at least become the favored weapon. It appeared to be a new, improved Locky in many ways – we even referred to it as “Locky 2,” and speculated amidst the WannaCry outbreak that it might be the more concerning ransomware to watch.

Read more here: Survival of the Fittest: Why Locky Ransomware is Back | SecurityWeek.Com

stacydhunter (Level 1), Oct 30, 2017
Locky was one of the major forms of ransomware to become successful globally. It is being spread by the Necurs botnet. Locky is distributed via spam emails; this particular campaign sends them in the form of PDF attachments. It remains a risk to organizations as it has strong cryptography.
