Throughout the year, Forcepoint’s researchers have been monitoring key milestones in Locky’s evolution: from its birth in February and the addition of virtual machine (VM) and analysis tool countermeasures in June, to its use of offline encryption in July and an intermediate downloader in September.
Locky is distributed through exploit kits on infected websites and through emails carrying infected MS Office and ZIP file attachments. The ransomware seeks to encrypt any files it can find, usually giving them a “.locky” extension (newer variants use the .zepto, .thot and .zzzzz extensions), before demanding payment in Bitcoin.
Carl Leonard, Principal Security Analyst at Forcepoint:
“Locky has been a growing menace in 2016. Its constantly changing distribution technique and functionality has been used to successfully extort many people’s money. In the face of continually evolving malware and ransomware strains it is important for businesses to stay vigilant and ensure they complement strong IT defences with security best practice. As always, it is important to back up and archive business critical data and only open email attachments from trusted or verified senders.”