The godfather of ransomware returns: Locky is back and sneakier than ever | ZDNet

Cybersecurity researchers at Cisco Talos have observed a surge in emails distributing Locky, with over 35 thousand emails sent in just a few hours. This surge in distribution is being attributed to the Necurs botnet, which until recently focused on spamming pump-and-dump stock market scams.

This time, however, the Locky campaign is harnessing an infection technique associated with the Dridex botnet, in an effort to boost the chance of compromising targets.

As noted by cybersecurity researchers at PhishMe, this new form of Locky begins by using a familiar tactic — a phishing email with an attached file the message claims is a document detailing a payment or scanned documents. But rather than the more common practice of attaching a compromised Office document, an infected PDF is sent instead.

via The godfather of ransomware returns: Locky is back and sneakier than ever | ZDNet.

There is the constant struggle to protect as much as you can from these menaces, whilst keeping end users happy; unfortunately, a lot of users don’t see it as their problem or think it will never happen to them.

Sadly, I’ve been hit twice. Once I was not prepared for it, and it crippled me for about a week; thankfully, backups got me up and running again. I just needed to locate the source of the infection and kill it before restoring, or it would have been pointless to do so. The second time I was prepared, and several attempts by the infection to kidnap my data were thwarted thanks to some cunning software.

No matter how many times you tell people not to open suspicious emails, they still strive head on; end users are just too inquisitive, and they just need to open everything, forgoing any rational thought or consequence.

I’d like to block every single attachment, but I can’t, so I block anything that is macro-enabled or executable, and with PDFs once again being targeted it’s going to get much harder.

If it was down to me, I’d fine members of staff or get HR involved for disciplinaries. End users need to take responsibility for the safety of the organisation’s data; as an I.T. professional I can do my part (subject to funding), and end users need to do theirs.

2 thoughts on “The godfather of ransomware returns: Locky is back and sneakier than ever | ZDNet”

  1. Today is another good example of where a single end user could have been responsible for the NHS system being compromised. It is being reported as a cyber attack, indicating a target, however, I’m more inclined to think it’s a spam email with a payload that has been released on a system-critical network.

    “NHS services across England and Scotland have been hit by a large-scale cyber-attack that has disrupted hospital and GP appointments.
    The prime minister said the incident was part of an untargeted wider attack affecting organisations globally.
    Some hospitals and GPs have been unable to access patient data, after their computers were locked by a ransomware program demanding a payment worth £230.
    But there is no evidence patient data has been compromised, NHS Digital said.
    The BBC understands about 40 NHS organisations and some GP practices have been hit. The NHS in Wales and Northern Ireland has not been affected.”

    Via: BBC NEWS –
