Ransomware, massive spam campaign spreads new version of Locky

Since its return to the Net, Locky has been modified at least three times by hackers, making it more difficult to protect our devices

We had already reported on the return of Locky ransomware, one of the most dangerous viruses in recent years. According to cybersecurity researchers, the malware was modified at least three times between September and October 2017. According to Trustwave experts, the latest variant of Locky is called Ykcol, or Locky in reverse.

Ykcol started spreading on September 19, 2017, and in a short time it reached more than 3 million email accounts. Like most of these viruses, the ransomware spreads through malicious attachments and links. To reach so many accounts in such a short time, the new Locky exploited the botnet known as Necurs. Between the end of September and October, two previously unknown versions of Locky were also recorded: Locky Lukitus and Diablo. The first has so far reached between 15 and 20 million users on the Internet. The goal of these constant updates is to keep security researchers from detecting the virus and to block any preventive action.

Game of Thrones ransomware

The cyber criminals who modified Locky into Ykcol must be big fans of the Game of Thrones TV series. In fact, some of the malware's Visual Basic scripts include names like Aria, HoldTheDoor, Sansa Stark, JohnSnow and Robert Baration. Ykcol uses special attachments to lure the user into the trap, namely invoices that are empty, or rather contain only the virus. Locky Lukitus and Diablo use Microsoft Office documents to infect victims' PCs.

Ransomware price

Ransomware is so widespread that cyber criminals are starting to lower the ransom they charge. Compared with Locky, which required 25 Bitcoins to get your files back, the ransom has now dropped to 5 Bitcoins. Profit, however, is not an issue for these viruses, considering that in just two years they have generated almost $30 million. Locky is one of the most profitable ransomware families ever. According to Trustwave, it is possible that there is an additional, yet undiscovered version of Locky on the Net at the moment.