Locky

Pierluigi Paganini September 13, 2018
New PyLocky Ransomware stands out for anti-machine learning capability

Security experts from Trend Micro have spotted a new strain of ransomware involved in attacks in July and August, the malicious code was posing as the Locky ransomware. Researchers at Trend Micro have detected a new ransomware family, dubbed PyLocky, that was used in attacks between July and August, the malware was posing as the Locky ransomware using its ransom […]

Pierluigi Paganini September 02, 2017
Experts spotted a malware campaign using HoeflerText Popups to push RAT Malware

Experts spotted a new EITest campaign leveraging HoeflerText Popups to target Google Chrome users and push NetSupport Manager RAT or Locky ransomware Security expert Brad Duncan with both the SANS Internet Storm Center and Palo Alto Networks’ Unit 42, has spotted a malware campaign leveraging bogus popups that alert users to a missing web-font. The crooks are targeting Google […]

Pierluigi Paganini February 07, 2017
Phishme observed operators behind Locky and Sage ransomware share delivery infrastructure

PhishMe security researchers discovered that the Locky and Sage ransomware were recently observed being distributed by the same delivery infrastructure. It’s a common habit of cyber criminals to share delivery infrastructure to maximize the use of their resource and minimize the cost, Recently the Locky ransomware was observed being distributed through the delivery infrastructure used […]

Pierluigi Paganini January 21, 2017
Necurs botnet is back and starts delivering the Locky ransomware

Cisco Security Team has noticed traces of traffic from the dormant Necurs botnet and they are warning of a possible new massive ransomware spam campaign. Security researchers at Cisco Security Team have noticed traces of traffic from the dormant Necurs botnet and they are warning of a possible new massive ransomware spam campaign. “The research […]

Pierluigi Paganini December 12, 2016
Ransomware infections suffered by companies tripled in 12 months

According to a new report published by Kaspersky Lab, the number of ransomware infections suffered by companies threefold from January to September. The number of ransomware infections suffered by companies continues to increase and according to a new report published by the security firm Kaspersky Lab, it increased threefold from January to September. One in every five businesses […]

Pierluigi Paganini November 25, 2016
ImageGate attack – How to spread malware via poisoned .JPG

Security experts from Checkpoint have discovered a new malware-based campaign through Facebook leveraging an image obfuscation trick dubbed ImageGate. Security experts from Checkpoint have discovered a new malware-based campaign through Facebook. Crooks leverage an image obfuscation trick, dubbed ImageGate, to spread the Locky ransomware via Facebook. Experts highlighted that the image obfuscation trick is able to bypass Facebook’s security checks. “Check […]

Pierluigi Paganini October 16, 2016
Symantec observed a surge of spam emails using malicious WSF files

Symantec observed a significant increase in the number of email-based attacks using malicious Windows Script File (WSF) attachments. Experts from Symantec are observing a significant increase in the number of email-based attacks leveraging malicious Windows Script File (WSF) attachments.  Over the past three months, threat actors have adopted the tactic in the wild, mostly criminal […]

Pierluigi Paganini August 02, 2016
Afraidgate campaign switches from CryptXXX to Locky Ransomware

Operators behind the Afraidgate campaign continue to leverage on Neutrino EK, but switches from CryptXXX to Locky Ransomware. According to the experts from Palo Alto Networks, one of the most long-lived hacking campaigns leveraging on the Neutrino EK switches from CryptXXX to the Locky Ransomware. The campaign dubbed Afraidgate due to the name of the gate domains (using name servers from […]

Pierluigi Paganini July 28, 2016
Locky Ransomware now relies on JavaScript instead downloaders 

A new ransomware campaign relies on a Locky variant that is distributed through JavaScript that includes the binary of the threat itself. Locky is one of the most infamous threats of the ransomware family and according to the experts it is in continuous evolution. The threat has been using JavaScript attachments as a distribution mechanism, but most […]

Pierluigi Paganini July 07, 2016
New Locky variant – Zepto Ransomware Appears On The Scene

New threat dubbed Zepto Ransomware is spreading out with a new email spam campaign. It is a variant of the recent Locky Ransomware. The news was recently reported in a blog post by the Cisco Talos team: “We are watching Zepto very carefully. It’s closely tied to Locky, sharing many of the same attributes,” said Craig Williams, […]