Dridex is currently one of the most active and widespread banking malware. Like Locky ransomware also Dridex is dispatched through a massive spam mail campaign that uses the Necurs botnet. Our sensors have long been tracking these spam campaigns and recent captured emails contain a Word document that drops Dridex. In our latest samples we have observed a delay on execution of the …

Locky is one of the most widely distributed and infamous threats in the ransomware landscape. First detected in February 2016 Locky has spread very quickly, proving to be both sneaky and effective. The usual dispatch chain took advantage of massive spam campaigns, leveraging freshly compromised domains to enhance its chances of passing under the radar of the …