A new strain of Locky ransomware in the wild

Marcelo Orlandi
Avira Virus Lab researchers detected a new variant of the well-known Locky ransomware in the wild. It has been seen attached to what look like legitimate documents from standard applications such as Microsoft Word and LibreOffice.

Once you open the document, a chain of actions is set off that ends with all of your valuable files being encrypted.

For those more technical:

  1. Clicking the file triggers a number of PowerShell commands, which are visible because they are in plain text.
  2. These commands download a Windows application that goes through several stages to confuse analysis and obfuscate itself, tricking people into thinking it’s a clean file.

This second file is the one responsible for encrypting the files on your computer.
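
Because the PowerShell commands sit in the document as plain text, a mail gateway or analyst can flag such attachments without opening them. The following Python triage scanner is an added example, not Avira's tooling or code from the original post; the indicator list, the function names and the sample document are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed indicators (not from the original post): interpreter name, common
# PowerShell download verbs, and URLs near the command.
LAUNCHER = re.compile(rb"powershell(?:\.exe)?", re.I)
DOWNLOAD = re.compile(rb"DownloadFile|DownloadString|Invoke-WebRequest|Start-BitsTransfer", re.I)
URL = re.compile(rb"https?://[^\s'\"<>)]+", re.I)
WINDOW = 1024                 # bytes inspected after the interpreter name
MAX_PART = 20 * 1024 * 1024   # skip oversized archive members (zip-bomb guard)


def _parts(name, data):
    """Yield (part_name, bytes): each member of a ZIP-based document
    (.docx, .odt), or the whole file for anything else (e.g. legacy .doc)."""
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size <= MAX_PART:
                    yield f"{name}!{info.filename}", zf.read(info)
    else:
        yield name, data


def scan_document(name, data):
    """Return one finding per part that contains a plain-text PowerShell command."""
    findings = []
    for part, blob in _parts(name, data):
        # Second view drops NUL bytes so UTF-16LE strings match as ASCII.
        for view in (blob, blob.replace(b"\x00", b"")):
            hit = LAUNCHER.search(view)
            if not hit:
                continue
            window = view[hit.start():hit.start() + WINDOW]
            verbs = sorted({m.group(0).decode().lower() for m in DOWNLOAD.finditer(window)})
            urls = sorted({m.group(0).decode("ascii", "replace") for m in URL.finditer(window)})
            findings.append({"part": part, "download_verbs": verbs, "urls": urls,
                             "severity": "high" if verbs else "review"})
            break
    return findings


def build_sample():
    """Constructed sample: a ZIP container whose second part holds a
    truncated, non-functional command string."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("content.xml", "<p>Invoice attached</p>")
        zf.writestr("extra/part1.xml",
                    "<x>powershell -w hidden ... DownloadFile('http://example.invalid/stage2') ...</x>")
    return buf.getvalue()
```

This only catches commands stored as readable text; commands that are encoded or assembled at run time need sandbox or endpoint telemetry instead.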

As you can see, the bad guys don’t stop creating new stuff to keep us busy.

Remember to practice good security hygiene when browsing the internet and opening attachments.

Be safe out there. Until next Malware Monday.