Locky ransomware returns to infect Windows Vista and XP machines

816

Hackers spreading Locky ransomware is said to have returned with their latest campaign of infecting Windows machines. But this time their effort seems to be half-baked because the said ransomware is succeeding in infecting only Windows XP and Vista machines putting the modern Windows 7 & 10 machines aside.

The malware is being spread by Necurs Botnet through email spam and as per the experts from Kaspersky labs this work could be of North Korea again.

Remember, Necurs Botnet was also responsible for the spread of Jaff Ransomware- a successor to Locky ransomware. Jaff was being used by hackers to infect PCs around the world between Feb -May this year.

But in the last week of May’17, security experts from Kaspersky Labs found a flaw in the encryption routine of Jaff ransomware. Thus, they immediately developed a free Jaff ransomware cleaning tool from the flaw to help infected victims free their PCs from the said malware.

And as expected, Kaspersky feat to break the encryption of Jaff took the Necurs Botnet group by surprise. The spread of Jaff spam came down drastically from early June this year—all thanks to the free availability of the malware removal tool.

So, Necurs Botnet group again started depending on the Locky ransomware for conducting nefarious activities on the web.

The new spam waves were detected by a large set of researchers hailing from many security institutes and companies from early June’17. Among them, researchers from Cisco’s Talos Division were ones to first discover the fact that the authors of Locky rushed to replace Jaff ransomware with a spin-off of Locky from early June this year. But the ransomware failed to attack Windows 7,8,10 OSes as they had Data Execution Prevention(DEP) feature.

As a result, the new version of Locky is said to have the potential to infect and encrypt data only on Win XP and Vista machines.

More details will be updated shortly!

Note- As per the details gathered from StatCounter more than 70,000 machines around the globe are still running on Win XP OS. And the usage share of Vista happens to be around 6k.

Google Enterprise Security Program offers enhanced Malware and Phishing protection

Navigating the Rising Tide of Cyber Attacks: Lessons from recent Cyber…

Ransomware Attacks Shake Automotive and Beverage Industries

Ransomware testing being done on developing countries

Locky ransomware returns to infect Windows Vista and XP machines

No posts to display

NEW REPORTS

2024 Application Security Report [Fortinet]

2024 Security Service Edge Report [HPE]

2024 VPN Risk Report [HPE]

2024 Insider Threat Report [Securonix]

Block title

EDITOR PICKS

Understanding and Responding to Distributed Denial-of-Service Attacks

Overcoming security alert fatigue

Four ways to make yourself a harder target for cybercriminals

POPULAR POSTS

List of Countries which are most vulnerable to Cyber Attacks

Top 5 Cloud Security related Data Breaches!

Top 5 PCI Compliance Mistakes and How to Avoid Them

RECENT POSTS

Google Enterprise Security Program offers enhanced Malware and Phishing protection

Navigating the Rising Tide of Cyber Attacks: Lessons from recent Cyber...

Google Facebook ads are deceptive and information stealing