LOCKY GETS UPDATED TO ‘YKCOL’, PART OF RAPID-FIRE SPAM CAMPAIGNS

cyber

Cybercriminals behind the Locky ransomware have revamped the malware’s code three times in 30-day period and blasted out massive spam campaigns.

According to researchers at Trustwave, the latest variant of Locky ransomware is called Ykcol (that’s Locky spelled backwards) and was part of a Sept. 19 spam blast targeting 3 million inboxes within a three-hour period. Messages were sent from the notorious Necurs botnet.

That campaign dovetails recent campaigns that pushed out Locky variants Lukitus and Diablo during the same 30-day period between Aug. 14 and Sept. 19. The Lukitus campaign started at the end of August and lasted more than a week, sending 15 million to 20 million emails.

“The behavior is the same, but the extensions used to encrypt the files and the malware binaries are constantly changing,” said Karl Sigler, threat intelligence manager for SpiderLabs at Trustwave. With Ykcol, encrypted files use the extension .ykcol. Sigler said Locky authors also “tweak” the malware’s binaries, only slightly changing code such as variable names or internal logic.

To read the original article:

https://threatpost.com/locky-gets-updated-to-ykcol-part-of-rapid-fire-spam-campaigns/128412/

Learn more about ‘Locky’: 

https://cyber.tn/?p=1029

Laisser un commentaire

Next Post

Précisions à propos des perturbations sur Yahoo Mail

Suite à ce qu’à été publié sur quelques sites électroniques à propos des perturbations constatées sur le portail web mail de Yahoo, l’ATI tient à préciser ce qui suit : 1-Tous les serveurs DNS Tunisiens y compris les serveurs de l’ATI sont opérationnels d’une manière continue et sans arrêt. Leurs […]