Email campaigns pushing Locky ransomware are still very prevalent and continue to evolve. Encrypted files now have the .asasin extension appended. This particular analysis shows that the threat actors were not successful in distributing the new variant. Rather than attaching a .7z archive as they typically do, they attached the Base64-encoded text of the archive. The text was decoded and links were extracted by our labs team. Analyzing the binary revealed the...
As you can see, our labs team is still seeing Locky being distributed in a lot of malspam...
Locky is being distributed at mass scale via phishing and spam email attacks by two major botnets: Necurs and...
Locky IoCs extracted by our security operations center. Public Pulse | TLP: White | encrypts with extension .DIABLO6 OTX...