The Nexus of Locky and Necurs
The infamous ransomware called Locky, which had almost disappeared, is back again inundating e-mail inboxes because of fresh attacks dispatched from a familiar botnet, Necurs.
During 2016, Locky was the dominant malware in circulation; however, it became ineffective as the Necurs botnet slowed its operations. But on 21 April, Talos security researchers spotted one large-scale Locky attack dispatched through Necurs, as written in the Cisco blog.
The Necurs botnet contains up to 6 million zombie machines. It delivers some extremely destructive ransomware variants and banking Trojans through e-mails sent in the millions at a time, while it continues to hone its capabilities. Necurs is behind a large share of the cyber-crime on the Web, along with the tremendous losses its attacks cause. It is reported that damages from cyber-crime may cost the world some $6 trillion by 2021. Such a figure is reason enough to learn more about one such prominent e-threat. Securityintelligence.com posted this on April 24, 2017.
Locky's attack campaigns emanate from Necurs even though the botnet earlier delivered more conventional spam, namely work-from-home junk e-mails, Russian dating bulk e-mails and pump-and-dump penny-stock spam.
Malwarebytes Labs also spotted the campaign. The security company blogs that the method Locky took from Dridex involves embedding a Word file inside a PDF file. This lets the malware bypass sandbox detection.
As soon as the receiver of the Locky-tainted attachment clicks on it, the embedded Word file appears. The attack's social engineering then unfolds, tricking the user into enabling the macro that drops Locky.
Locky subsequently encrypts all the files on the victim's PC and gives them the filename extension .osiris, while the perpetrators tell the victim to pay 0.5 Bitcoin to restore access to the files.
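A defender's first question about such an attachment is whether a PDF is carrying an Office document inside it. The following Python script is an added example, not code from the SPAMfighter article or from Malwarebytes Labs: it performs a static triage of raw PDF bytes, looking for `/EmbeddedFile` streams and checking whether the embedded payload starts with the OLE2 (.doc) or ZIP (.docx) magic bytes, and it also reports generic PDF risk indicators (`/OpenAction`, `/JavaScript`, `/Launch`) that are not mentioned in the article. The sample PDF is constructed inside the script for the demonstration.

```python
"""Static triage of a PDF that may embed a Word document.

Added example (not from the article). The sample PDF is constructed here;
the risk-indicator list beyond /EmbeddedFile is a defender's assumption.
"""
import re
import zlib

# Magic bytes of the two Word container formats.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc (OLE2 compound file)
ZIP_MAGIC = b"PK\x03\x04"                          # .docx (OOXML is a zip archive)

# Names whose presence warrants a closer look. /EmbeddedFile is the article's
# technique; the others are generic auto-execution indicators (assumption).
RISKY_KEYS = (b"/EmbeddedFile", b"/OpenAction", b"/JavaScript", b"/Launch")

# Classic (non-object-stream) PDF layout: "N G obj ... endobj" with an optional stream.
OBJ_RE = re.compile(rb"\d+\s+\d+\s+obj\s*(.*?)\s*endobj", re.DOTALL)
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def iter_objects(pdf: bytes):
    """Yield (dictionary_source, stream_body_or_None) for each indirect object."""
    for m in OBJ_RE.finditer(pdf):
        obj = m.group(1)
        s = STREAM_RE.search(obj)
        if s is None:
            yield obj, None
            continue
        body = s.group(1)
        dict_src = obj[: s.start()]
        if b"/FlateDecode" in dict_src:
            try:
                body = zlib.decompress(body)
            except zlib.error:
                pass  # keep the raw bytes; the magic check will simply not match
        yield dict_src, body


def triage_pdf(pdf: bytes) -> dict:
    """Return which risk names occur and what kind of file each embedded stream holds."""
    keys = [k.decode() for k in RISKY_KEYS if k in pdf]
    embedded = []
    for dict_src, body in iter_objects(pdf):
        if body is None or b"/EmbeddedFile" not in dict_src:
            continue
        if body.startswith(OLE_MAGIC):
            embedded.append("ole2-doc")
        elif body.startswith(ZIP_MAGIC):
            embedded.append("ooxml-docx")
        else:
            embedded.append("other")
    office_inside = any(k in ("ole2-doc", "ooxml-docx") for k in embedded)
    return {"keys": keys, "embedded": embedded,
            "verdict": "suspicious" if office_inside else "clean"}


def build_sample_pdf(payload: bytes) -> bytes:
    """Construct a minimal PDF that embeds `payload` as a FlateDecode file (demo only)."""
    comp = zlib.compress(payload)
    objs = [
        b"<< /Type /Catalog /Pages 2 0 R "
        b"/Names << /EmbeddedFiles << /Names [(invoice.docx) 3 0 R] >> >> >>",
        b"<< /Type /Pages /Kids [] /Count 0 >>",
        b"<< /Type /Filespec /F (invoice.docx) /EF << /F 4 0 R >> >>",
        b"<< /Type /EmbeddedFile /Filter /FlateDecode /Length %d >>\nstream\n" % len(comp)
        + comp + b"\nendstream",
    ]
    out = b"%PDF-1.7\n"
    for i, o in enumerate(objs, 1):
        out += b"%d 0 obj\n" % i + o + b"\nendobj\n"
    return out + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"


# Constructed samples: a docx-like zip payload embedded in a PDF, and a plain PDF.
SAMPLE_MALICIOUS = build_sample_pdf(ZIP_MAGIC + b"\x14\x00\x00\x00\x08\x00[Content_Types].xml")
SAMPLE_CLEAN = (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
                b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
                b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")

if __name__ == "__main__":
    print(triage_pdf(SAMPLE_MALICIOUS))   # {'keys': ['/EmbeddedFile'], 'embedded': ['ooxml-docx'], 'verdict': 'suspicious'}
    print(triage_pdf(SAMPLE_CLEAN))       # {'keys': [], 'embedded': [], 'verdict': 'clean'}
```

The regexes only understand the classic object layout; a PDF that packs its dictionaries into object streams (`/ObjStm`) or uses filters other than FlateDecode needs a real parser such as pdfminer or pdfcpu in front of the same magic-byte check. The point of the check stands regardless of parser: an Office container inside a PDF attachment is worth quarantining for analysis rather than trusting a sandbox verdict on the outer file alone.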
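The renaming behaviour described above is also a detection opportunity on the endpoint. The following Python function is an added example, not from the article: it consumes file-rename events (constructed here as `(seconds, old_path, new_path)` tuples) and raises an alert either when a file takes on a known ransomware extension such as `.osiris`, or when many files of differing original types are renamed to one new extension inside a short window. The window and threshold values are assumptions to tune per environment.

```python
"""Mass-rename detector for ransomware-style encryption activity.

Added example (not from the article). Events are constructed tuples of
(timestamp_seconds, old_path, new_path); window/threshold are assumptions.
"""
import os
from collections import defaultdict, deque

# Extensions known from reporting; .osiris is the one named in the article.
RANSOM_EXTENSIONS = {".osiris"}


def detect_mass_rename(events, window_s=60, threshold=20):
    """Return one alert per new extension that looks like bulk encryption.

    A known ransomware extension alerts on first sight; an unknown extension
    alerts once `threshold` renames from at least two different original
    extensions land on it within `window_s` seconds.
    """
    alerts = []
    fired = set()
    recent = defaultdict(deque)          # new_ext -> deque of (t, old_ext)
    for t, old, new in sorted(events):   # sort by timestamp
        new_ext = os.path.splitext(new)[1].lower()
        old_ext = os.path.splitext(old)[1].lower()
        if not new_ext or new_ext == old_ext:
            continue                     # not a type-changing rename
        q = recent[new_ext]
        q.append((t, old_ext))
        while q and t - q[0][0] > window_s:
            q.popleft()                  # slide the window forward
        sources = {e for _, e in q}
        known = new_ext in RANSOM_EXTENSIONS
        bursty = len(q) >= threshold and len(sources) >= 2
        if new_ext not in fired and (known or bursty):
            fired.add(new_ext)
            alerts.append({"ext": new_ext, "count": len(q), "at": t,
                           "sources": sorted(sources), "reason": "known" if known else "burst"})
    return alerts


# Constructed sample event streams.
KNOWN_EXT_EVENTS = [(0, "C:/Users/alice/Documents/report.docx",
                        "C:/Users/alice/Documents/report.osiris")]
BURST_EVENTS = [(i, f"C:/Shares/finance/doc{i}.{'docx' if i % 2 else 'xlsx'}",
                    f"C:/Shares/finance/doc{i}.locked") for i in range(25)]
BENIGN_EVENTS = [(i * 10, f"C:/Backups/cfg{i}.ini", f"C:/Backups/cfg{i}.bak") for i in range(5)]

if __name__ == "__main__":
    print(detect_mass_rename(KNOWN_EXT_EVENTS))   # one alert, reason 'known', count 1
    print(detect_mass_rename(BURST_EVENTS))       # one alert, reason 'burst', count 20
    print(detect_mass_rename(BENIGN_EVENTS))      # []
```

The burst rule is what catches a new variant before its extension reaches a block list; the known-extension rule is what catches a slow or single-file first write. Feed it from whatever rename telemetry the endpoint agent or audit log already produces, and pair an alert with an automatic network isolation of the host rather than a ticket, since the encryption is well under way by the time the threshold is crossed.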
During 2016 alone, the Necurs botnet performed a variety of roles. Its connection with the Dridex spam attackers was used to disseminate one of the most sinister banking Trojans prevalent in the world. The malicious network also actively distributed Locky in bulk; Locky is referred to as the ransomware child of Dridex. It also launched DDoS (Distributed Denial-of-Service) attacks.
» SPAMfighter News - 4/27/2017