This post was authored by Alex Chiu, Warren Mercer, and Jaeson Schultz. Sean Baird and Matthew Molyett contributed to this post.
Back in May, the Necurs spam botnet jettisoned Locky ransomware in favor of the new Jaff ransomware variant. However, earlier this month Kaspersky discovered a vulnerability within Jaff which allowed them to create a decryptor. This turn of events seems to have caused the miscreants behind Necurs to scramble to distribute a different ransomware payload. Falling back on their old tricks, they have selected to re-distribute Locky ransomware. The malware is being transmitted via email using an .exe file encapsulated within two compressed .zip archives.
CONNECT WITH CISCO
LET US HELP
Call us: 1.800.553.6387 - Ext 118
US/Can | 5am-5pm Pacific Other Countries