Throughout the year, Forcepoint’s researchers have been monitoring key milestones in Locky’s evolution: from its birth in February and the addition of virtual machine (VM) and analysis tool countermeasures in June, to its use of offline encryption in July and an intermediate downloader in September.
Locky is distributed through exploit kits on infected websites and through emails carrying infected MS Office and ZIP file attachments. The ransomware seeks to encrypt any files it can find, usually giving them a “.locky” extension (newer variants use the .zepto, .thot and .zzzzz extensions), before demanding payment in Bitcoin.
Carl Leonard, Principal Security Analyst at Forcepoint:
“Locky has been a growing menace in 2016. Its constantly changing distribution technique and functionality have been used to successfully extort many people’s money. In the face of continually evolving malware and ransomware strains it is important for businesses to stay vigilant and ensure they complement strong IT defences with security best practice. As always, it is important to back up and archive business critical data and only open email attachments from trusted or verified senders.”