Friday, 1 April 2016

A new type of #ransomware to look out for!

"Locky is usually delivered via downloader in MS Office document (i.e. DOC) or JavaScript – e-mail attachment in a phishing campaign. The payload is a 32-bit Windows executable, containing the malicious core packed in a crypter/dropper (they are various, with various icons).
After being deployed it disappears and runs its dropped copy (renamed to svchost.exe) from the %TEMP% folder."

Read the full story here: https://blog.malwarebytes.org/intelligence/2016/03/look-into-locky/
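The dropped copy described above takes the name svchost.exe but runs from %TEMP%, so the image path gives it away. The following detection sketch is an added example, not code from this post or from the Malwarebytes article; it assumes Windows is installed under C:\Windows, and the event records and the `Image` field are constructed sample data.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: default install, so the genuine svchost.exe lives only here.
LEGIT_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Path fragments typical of a per-user or system-wide temp folder.
TEMP_MARKERS = (r"\appdata\local\temp", r"\windows\temp", r"\local settings\temp")


def classify(image_path):
    """Return 'ok', 'temp-masquerade' or 'suspicious' for one process image path."""
    # normpath collapses '..' and mixed slashes so the check cannot be sidestepped
    # by writing the path differently.
    norm = ntpath.normpath(image_path).lower()
    if ntpath.basename(norm) != "svchost.exe":
        return "ok"  # only the svchost.exe name is examined here
    directory = ntpath.dirname(norm)
    if directory in LEGIT_DIRS:
        return "ok"
    if any(marker in directory for marker in TEMP_MARKERS):
        return "temp-masquerade"  # the behaviour quoted in the post
    return "suspicious"  # svchost.exe anywhere else is still worth a look


def scan(events):
    """Return (image, verdict) for every event that is not 'ok'."""
    findings = []
    for event in events:
        verdict = classify(event["Image"])
        if verdict != "ok":
            findings.append((event["Image"], verdict))
    return findings


# Constructed process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\svchost.exe"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\svchost.exe"},
    {"Image": r"C:/Windows/Temp/../System32/svchost.exe"},
    {"Image": r"C:\ProgramData\svchost.exe"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\setup.exe"},
]

if __name__ == "__main__":
    for image, verdict in scan(SAMPLE_EVENTS):
        print(f"{verdict:16} {image}")
```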