Andromeda is one of the longest running and most prevalent malware families to have existed. Andromeda was first discovered in late 2011 and it probably evolved from ngrBot/DorkBot. Throughout its existence, the groups behind Andromeda have use…
Locky is a considerable security threat that is now widely spread.
Today, we bring you a deep look into the latest ransomware called Locky. This new file encryptor, targeting PC users, has most likely been created by authors of the well-known Dridex botnet and is spread the same way.
Locky uses all “top class” features, such as a domain generation algorithm, custom encrypted communication, TOR/BitCoin payment, strong RSA-2048+AES-128 file encryption and can encrypt over 160 different file types, including virtual disks, source codes and databases.
We monitored the Locky family this past month and discovered a second variant of the malware, which has new features and program code improvements. Locky’s authors added a new hard-coded seed to the domain generation algorithm, which allows them to deactivate Locky on Russian PCs.
Locky is spreading via spam email campaigns that are similar to those used by the Dridex botnet. They use similar file names, obfuscation, email content and structure of download URLs.
We have observed three different campaign versions of Locky and have described them below.
Below is an example of one of the spam emails. The emails are designed to make people believe they were sent from large companies such as Nordstrom, Symantec and Crown Holdings.
Not very long ago, in a galaxy not far away, a group of cybercriminals decided to take advantage of the Star Wars effect to spread malware among the most impatient fans. A lot of people cannot wait to see Star Wars: The Force Awakens, and that’s something cybercrooks know. That’s why a lot of links […]
Apple users can no longer be complacent about security, as the number of infections and new threats rises.Read More
Cybercriminals spoof law enforcement officials in Dubai, Bahrain, Turkey, and Canada to send terror-alert spear-phishing emails containing Backdoor.Sockrat.Read More
If you found a USB stick, would you plug it into your laptop to see what’s on it? Sounds like a risky thing to do, but in a recent experiment in four major U.S. cities, that’s exactly what happened when 200 unbranded USB devices were left in public places. One in five people let their […]
As Google Play tightens their security measures on mobile apps, hackers are moving to third party app stores. Fake apps imitating popular apps were found on the Windows Phone Store earlier this week. Now a new batch of infected Android apps imitating the real deal have been found on unofficial third-party Android app stores. The new […]
Fake emails posing as order confirmations from local Japanese suppliers of printers and components are spreading Infostealer.Shiz. Be aware and be cautious of unsolicited emails.Read More