Locky Ransomware Variant Returns with a Vengeance

Old Ransomware Returns with A Bang

Many reports have reported 2016 as the year of ransomware.  This can much attributed to the ransomware variant, Locky.  However, in 2017, Locky ransomware has been on somewhat of a hiatus.  This lead to another ransomware variant, Cerber, becoming the most popular ransomware of 2017.

However, it appears Locky is back — in a big way.  According to ZDNet, a new Locky ransomware campaign was recently released, sending over 35,000 infected emails in just a matter of hours.  The infected emails include a two-part infection process.  First, there is a PDF attachment that the email recipients open, which asks for permission to open another file.  This time, it is a Word document, which requires macros to be enabled.  Once, the victim gets to this point, they become infected.

This new campaign has similar aftermath of previous Locky infections.  The ransomware will encrypt your files, and demand a payment for them to be released.  However, this new variant does differ in one way.  ZDNet reports,

“One difference from previous Locky versions is that the ransomware asks victims to install the Tor browser in order to view the ransom payment site, which researchers suggest is down to Tor proxy services frequently being blocked and the burden of maintaining a dedicated Tor2Web proxy site.”

The current ransom demand associated with this infection is one bitcoin, which currently is valued at $1,200.


 2,167 total views,  2 views today

(Visited 1 times, 1 visits today)

1 thought on “Locky Ransomware Variant Returns with a Vengeance”

  1. OK so it’s new & probably more sophisticated.
    But what can we do about it.
    It’s long been obvious that most ransomware seems to be damned good at penetrating the average PC protections.
    It used to be that the PC operator needed to do something foolish to allow infection but that now seems not to be the case.
    I myself am regularly targeted by “googleapis” so I am one step away from a full blown ransom incident. Worse discovering how to avoid the initial attack is nigh impossible, I have tried 5 different AV’s without any success.

Leave a Comment

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.