Email campaigns pushing Locky ransomware are still very prevalent and continue to evolve. Encrypted files are now appended with the .asasin extension. This particular analysis shows that the threat actors were not successful in distributing the new variant. Rather than attaching a .7z archive as they typically do, they attached the base64-encoded text of the archive. Our labs team decoded the text and extracted the links. Analyzing the binary revealed the......
Latest Locky Variant Encrypts with Ykcol Extension – IoCs and OTX
As you can see, our labs team is still seeing Locky being distributed in a lot of malspam...
Locky Now Pushing .Lukitus Variant – IoCs and OTX
Locky is being distributed at mass scale via phishing and spam email attacks by two major botnets: Necurs and...
Locky DIABLO6 Ransomware Campaign Launched – IoCs and OTX
Locky IoCs extracted by our security operations center. Public Pulse | TLP: White | encrypts with extension .DIABLO6 OTX...