-
Locky Ransomware now uses the .ODIN extension for Encrypted Files
Today a new Locky Ransomware variant was discovered by @dvk01uk that now uses the .ODIN extension for encrypted files. It is important to note that if you are infected with this ransomware, you are not infected with the Odin Ransomware. You are instead infected by Locky, which is using the .ODIN extension. There is a difference.
- September 26, 2016
- 08:15 PM
19
-
The Week in Ransomware - September 16 2016 - Stampado, Locky, Atom, and More
Thankfully, it was a slow week this week when it comes to ransomware. For this week we had 3 new variants of existing ransomware, 2 new ransomware infections, and an updated decryptor.
- September 16, 2016
- 01:53 PM
2
-
Sponsored Content
Free shadow SaaS inventory + security insightsDiscover all SaaS accounts ever created by anyone in your org, in minutes, along with insights on security risks and spend. Save time, money and effort by curbing SaaS sprawl and automating tasks like offboarding and user access reviews. Free trial.
-
The Week in Ransomware - September 9th 2016 - CryPy, CryLocker, Philadelphia, and More
This week we have 6 new ransomware, 1 distasteful ransom note, 2 decryptors, and an update to Locky. Of particular note is the CryLocker Ransomware, which uses Imgur.com to store information about its victims. We also have a new ransomware being sold, an update to Locky, and security researchers fighting back!
- September 10, 2016
- 11:53 AM
- 0
-
Locky now using Embedded RSA Key instead of contacting Command & Control Servers
A new version of the Locky Ransomware, aka Zepto, has been circulating since around the September 5th 2016 that includes an embedded RSA key. This key allows Locky to encrypt a victim's computer without having to contact their Command & Control server.
- September 06, 2016
- 03:07 PM
- 4
-
The Week in Ransomware- August 26 2016 - Cows, WildFire Locker, Locky, and More!
Ransomware is running rampant! This week we have 10 stories, with 6 new ransomware, a decryptor, Locky being distributed as a DLL, and more. Pop culture ransomware continues to be the "thing" as new Purge and Pokemon based ransomware were also released this week.
- August 26, 2016
- 05:24 PM
- 6
-
Locky / Zepto Ransomware now being installed from a DLL
Over the past few days, the Locky / Zepto developers have switched to using a DLL to install the Locky Ransomware rather than an executable. This is probably being done for further obfuscation and to bypass executable blockers as rundll32.exe is typically white listed.
- August 26, 2016
- 02:21 PM
- 1
-
The Week in Ransomware - August 5th 2016 - Cerber, Zepto, ShinoLocker, and More
This week we have 1 new ransomware variants, 3 new ransomware infections, and 1 new distribution campaign. The big news is that the Cerber Ransomware released a new version with some significant updates.
- August 05, 2016
- 09:50 AM
- 1
-
Zepto Ransomware Locky Variant being distributed via WSF Attachments
Over the past week or so, a new distribution campaign for the Locky variant dubbed the Zepto Ransomware has been underway. Previously, the Zepto Ransomware installer was being distributed using zipped JS files. Now the installer are being sent as zipped WSF files in emails that pretend to be banking reports and invoices.
- August 01, 2016
- 02:05 PM
- 0
-
New Locky version adds the .Zepto Extension to Encrypted Files
A new version of the Locky Ransomware was released yesterday that uses a new naming scheme that appends the .zepto extension to encrypted files. With this new version, Locky will rename files to a name similar to 024BCD33-41D1-ACD3-3EEA-84083E322DFA.zepto.
- June 28, 2016
- 11:31 AM
- 6
