Locky Ransomware Now Downloaded as Encrypted DLLs – TrendLabs Security Intelligence Blog

http://ift.tt/2ca1KpS

The Locky ransomware family has emerged as one of the most prominent ransomware families to date, being sold in the Brazilian underground and spreading via various exploits. Locky has, over time, become known for using a wide variety of tactics to spread, including macros, VBScript, WSF files, and now, DLLs.

Recently, we encountered a new Locky variant (detected as RANSOM_LOCKY.F116HM) that used old tactics on the surface, but with some key technical changes. The emails that were used to distribute it were fairly pedestrian as far as these messages go, although it was part of a large-scale spam campaign.

September 5, 2016 at 05:45AM