In spite of being considered as fallen into disuse the Locky virus has reappeared, so much so that as of September 2017 it is the second largest cyber threat to SMEs
Locky has been one of the most widespread and dangerous ransomware in the last period. The verb in the past tense is a must because according to many cybersecurity researchers thanks to patches have managed to curb the action of the virus. However, in the last few months the victims of Locky have been increasing again.
Many analysts mistakenly considered Locky as a fallen malware. In reality, the ransomware resurfaced in August 2017 and according to research by cybersecurity company Check Point Software in September it was the second most popular virus worldwide. This is a sudden and unprecedented comeback. Rarely has a malware managed to reappear, without much evolution, affecting such a large number of users. However, it should be mentioned that according to several cybersecurity analysts, Locky is one of the 10 most dangerous hacker attacks ever recorded in the history of the Internet.
The new version of Locky
Unlike the first version of Locky, which traveled mainly via email, the new wave of ransomware exploits malvertising campaigns with adware and malicious sites. The new version of Locky also includes the malicious code of another already known ransomware, GlobeImposter. It too uses malicious ads to infect its victims. The preferred target of Locky remains SMEs. And it is no coincidence that Check Point Software itself has advised business owners to train their employees to prevent them from falling into the social engineering traps designed by the cyber criminals behind Locky's comeback. Ransomware viruses remain the most important threat to businesses even towards the end of this 2017. Not surprisingly, the most dangerous malware ahead of Locky is Cerber, another popular ransomware.