Locky ransomware: Why this menace keeps coming back | ZDNet

Nobody knows who exactly is behind Locky, but the sophistication of the ransomware, and the strength of the underlying cryptography which researchers haven’t been able to crack, points to it being the work of a highly professional group.

Like a legitimate software developer, they’re constantly working to update their product, and unlike other forms of ransomware, Locky isn’t available ‘as-a-service’ for others to use, so it’s possible the campaigns go quiet as those behind it work on their code or experiment with new tactics.

"The respite we saw from Locky was likely just a planned pull-back on the attackers part bitcoin whatsapp group. Like any organisation, they need to time to refine code and command-and-control infrastructure, plan new attack vectors, organise ransom payment collection methods and compile new lists of targets," said Troy Gill, manager of security research at AppRiver.

Each time Locky has briefly re-emerged before seemingly disappearing during the course of this year, it’s been doing something a little different, suggesting that those behind it are experimenting.

For example, a Locky spike in April saw the ransomware flirt with a new delivery technique, with distribution via infected PDFs instead of Office documents, a tactic associated with the Dridex malware botnet. So it could be that the ransomware simply goes offline as those behind it examine malware trends and how they can implement them into Locky for it to become more successful.

"The timing of these comebacks matches closely with the introduction of new attributes such as the most recent Diablo and Lukitus extensions for attached files and the use of new distribution techniques involving PDF documents or phishing links," says Brendan Griffin, threat intelligence manager at PhishMe.

Locky is distributed via the Necurs botnet – a zombie army of over five million hacked devices – and the ransomware appears to go off the radar when the botnet is used for other activity. For example, Necurs re-emerged following a period of inactivity in March with its power harnessed to distribute email stock scams.

While Jaff is less sophisticated than Locky, researchers believe the two to be connected. Not only do the Jaff decryptor website and the Locky decryptor website look almost identical, but like Locky, the ransomware will delete itself from the infected machine if the local language is Russian.

Since then, the Necurs botnet has returned to distributing Locky, which might indicate that while they may experiment with other forms of cyber criminal activity, those behind Locky see it as a reliable tool to fall back on – because it works and generates revenue.

"Locky is an incredibly powerful and well developed piece of ransomware," says Adam Kujawa director of malware intelligence at Malwarebytes. "At the end of the day, the bad guys want to make money and they will use whatever software they can get their hands on to make that happen".

So while Locky is successful, those behind it are opportunistic and are constantly on the lookout for other means of making money – and if that means dropping Locky in favour of something else then so be it.

But for now, Locky remains successful – because if victims weren’t still paying ransoms, the attackers would swiftly move onto something else. But 18 months on from the Hollywood Presbyterian Medical Center attack, it’s still here and it’s still successfully infiltrating networks.

Ransomware remains successful because it works, because enough people get infected after being duped by phishing emails and enough organisations will give in and pay the ransom fee in order to regain access to their systems – especially as there’s still no decryption tool available.

Simply put, Locky keeps returning because it is successful. So the next time it appears to go silent, don’t make any assumptions about the ransomware being dead – it’s likely that it’s just gone offline while those behind it work to make it even more effective.
