Locky ransomware returns to infect Windows Vista and XP machines


The hackers spreading Locky ransomware are said to have returned with a new campaign to infect Windows machines. But this time their effort seems half-baked, because the ransomware is succeeding in infecting only Windows XP and Vista machines, leaving modern Windows 7 and 10 machines unaffected.

The malware is being spread by the Necurs botnet through email spam, and according to experts from Kaspersky Lab, this could again be the work of North Korea.

Remember, the Necurs botnet was also responsible for spreading Jaff ransomware, a successor to Locky ransomware. Hackers used Jaff to infect PCs around the world between February and May this year.

But in the last week of May 2017, security experts from Kaspersky Lab found a flaw in the encryption routine of Jaff ransomware. They immediately used the flaw to develop a free Jaff ransomware cleaning tool to help victims free their PCs from the malware.

And as expected, Kaspersky's feat of breaking Jaff's encryption took the Necurs botnet group by surprise. The volume of Jaff spam dropped drastically from early June this year, thanks to the free availability of the malware removal tool.

So the Necurs botnet group has again started depending on Locky ransomware to conduct its nefarious activities on the web.

The new spam waves were detected from early June 2017 by a large number of researchers from many security institutes and companies. Among them, researchers from Cisco's Talos division were the first to discover that the authors of Locky had rushed to replace Jaff ransomware with a spin-off of Locky from early June this year. But the ransomware failed to attack Windows 7, 8 and 10 because those operating systems have the Data Execution Prevention (DEP) feature.

As a result, the new version of Locky is said to be able to infect and encrypt data only on Windows XP and Vista machines.

More details will be updated shortly!

Note: According to details gathered from StatCounter, more than 70,000 machines around the globe are still running Windows XP, and the usage share of Vista is around 6k.

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security
