Locky new loader

Locky Ransomware Shipping With a New Loader

ReaQta has been monitoring a new and massive worldwide Locky ransomware spam campaign. The attacks are carried out in the usual way, with a JavaScript file attached to an email message delivered to the victims, but this is the first campaign we have tracked that shows a different deployment behaviour. The JavaScript downloader usually retrieves Locky’s dropper from a compromised website, while in this case the downloaded file is encoded, making it harder for traditional protection solutions to spot the incoming threat.
