Locky ransomware switches up extension with asasin variant
by Vertek Labs
Email campaigns pushing Locky ransomware are still very prevalent and continue to evolve. Encrypted files are now appended with the .asasin extension.
This particular analysis shows that the threat actors were not successful in distributing the new variant. Rather than attaching a .7z archive as they typically do, they attached the base64 encoded text of the archive. The text was decoded and links were extracted by our labs team. Analyzing the binary revealed the new .asasin variant.
OTX pulse for Locky asasin: https://otx.alienvault.com/pulse/59dcf943e303346721f04770/
January 15, 2019