This post was authored by Nick Biasini with contributions from Jaeson Schultz
Locky has been a devastating force in the spam and ransomware landscape for the last year. The Locky variant of ransomware has been responsible for huge volumes of spam messages sent on a daily basis. The main driver behind this traffic is the Necurs botnet, which is responsible for the majority of Locky and Dridex activity. Periodically Necurs goes offline, and during these periods we typically see Locky activity decrease drastically. One of these periods is currently ongoing.
Great article! We have seen a definite decrease in the SOC for this alert type. It is nice to see the correlation put together this way.
Good job guys!