• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Locky

A Look at Locky Ransomware’s Recent Spam Activities
  • Posted on:October 19, 2017 at 5:01 am
  • Posted in:Ransomware, Spam
  • Author:
    Rubio Wu (Threats Analyst)
0

Ransomware has been one of the most prevalent, prolific, and pervasive threats in the 2017 threat landscape, with financial losses among enterprises and end users now likely to have reached billions of dollars. Locky ransomware, in particular, has come a long way since first emerging in early 2016. Despite the number of times it apparently spent in hiatus, Locky remains a relevant and credible threat given its impact on end users and especially businesses. Our detections show that it’s making another comeback with new campaigns.

A closer look at the file-encrypting malware’s activities reveals a constant: the use of spam. While they remain a major entry point for ransomware, Locky appears to be concentrating its distribution through large-scale spam campaigns of late, regardless of the variants released by its operators/developers.

Read More
Tags: LockyransomwareSpamTrickbot

Locky Ransomware Pushed Alongside FakeGlobe in Upgraded Spam Campaigns
  • Posted on:September 18, 2017 at 9:00 am
  • Posted in:Ransomware, Spam
  • Author:
    Trend Micro
0

In the beginning of September, a sizeable spam campaign was detected distributing a new Locky variant. Locky is a notorious ransomware that was first detected in the early months of 2016 and has continued to evolve and spread through different methods, particularly spam mail. A thorough look at samples from recent campaigns shows that cybercriminals are using sophisticated distribution methods, affecting users in more than 70 countries.

In the specific campaigns discussed below, both Locky and the ransomware FakeGlobe were being distributed—but the two were rotated. The cybercriminals behind the campaign designed it so that clicking on a link from the spam email might deliver Locky one hour, and then FakeGlobe the next. This makes re-infection a distinct possibility, as victims infected with one ransomware are still vulnerable to the next one in the rotation.

Read More
Tags: FakeGlobeLockyransomware

New Bizarro Sundown Exploit Kit Spreads Locky
  • Posted on:November 4, 2016 at 2:04 am
  • Posted in:Bad Sites, Exploits, Ransomware
  • Author:
    Brooks Li and Joseph C. Chen (Threats Analysts)
0

A new exploit kit has arrived which is spreading different versions of Locky ransomware. We spotted two cases of this new threat, which is based on the earlier Sundown exploit kit. Sundown rose to prominence (together with Rig) after the then-dominant Neutrino exploit kit was neutralized.

Called Bizarro Sundown, the first version was spotted on October 5 with a second sighting two weeks later, on October 19. Users in Taiwan and Korea made up more than half of the victims of this threat. Bizarro Sundown shares some features with its Sundown predecessor but added anti-analysis features. The October 19 attack also changed its URL format to closely resemble legitimate web advertisements. Both versions were used exclusively by the ShadowGate/WordsJS campaign.

Read More
Tags: Bizarro Sundownexploit kitsLockyShadowGateSundown

From RAR to JavaScript: Ransomware Figures in the Fluctuations of Email Attachments
  • Posted on:September 22, 2016 at 2:15 am
  • Posted in:Ransomware, Spam
  • Author:
    Trend Micro
0

Why is it critical to stop ransomware at the gateway layer? Because email is the top entry point used by prevalent ransomware families. Based on our analysis, 71% of known ransomware families arrive via email. While there’s nothing new about the use of spam, ransomware distributors continue to employ this infection vector because it’s a tried-and-tested method. It’s also an effective way to reach potential victims like enterprises and small and medium businesses (SMBs) that normally use emails for communication and daily operations. Over the first half of the year, we observed how cybercriminals leveraged file types like JavaScript, VBScript, and Office files with macros to evade traditional security solutions. Some of these file types can be used to code malware. In fact, as a security precaution, Microsoft turns off macros by default. In this blog post, we examine various email file attachments and how ransomware affected the fluctuation in the use of these file types.

Read More
Tags: LockyLocky Ransomwarespam email attachment

Locky Ransomware Now Downloaded as Encrypted DLLs
  • Posted on:August 29, 2016 at 4:56 am
  • Posted in:Malware, Ransomware
  • Author:
    Brooks Li (Threats Analyst)
0

The Locky ransomware family has emerged as one of the most prominent ransomware families to date, being sold in the Brazilian underground and spreading via various exploits. Locky has, over time, become known for using a wide variety of tactics to spread–including macros, VBScript, WSF files, and now, DLLs.

Recently we encountered a new Locky variant (detected as RANSOM_LOCKY.F116HM) that used old tactics on the surface, but with some key technical changes. The emails that were used to distribute it were fairly pedestrian as far as these messages go, although it was part of a large-scale spam campaign.

Read More
Tags: LockyPRNGransomwareUHE PRNG
Page 1 of 212

Security Predictions for 2020

  • Cybersecurity in 2020 will be viewed through many lenses — from differing attacker motivations and cybercriminal arsenal to technological developments and global threat intelligence — only so defenders can keep up with the broad range of threats.
    Read our security predictions for 2020.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Popular Posts

  • First Active Attack Exploiting CVE-2019-2215 Found on Google Play, Linked to SideWinder APT Group
  • January Patch Tuesday: Update List Includes Fixes for Internet Explorer, Remote Desktop, Cryptographic Bugs
  • Old Tools for New Money: URL Spreading Shellbot and XMRig Using 17-year-old XHide
  • Patched GIF Processing Vulnerability CVE-2019-11932 Still Afflicts Multiple Mobile Apps
  • Outlaw Hacking Group’s Botnet Observed Spreading Miner, Perl-Based Backdoor

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.