Locky Ransomware Makes A Comeback With New Variant

Introduction

The notorious Locky ransomware has made an unwelcome return, with security researchers detecting a new variant in the wild after over a year of inactivity. As one of the most destructive and profitable ransomware strains in history, Locky’s comeback underscores the resilience of cybercriminal networks and the importance of vigilance in protecting against ransomware.

In this article, I will provide an overview of Locky’s history, examine the features of the new variant, analyze the implications of its reemergence, and offer recommendations on defending against this threat. My goal is to equip readers with the knowledge needed to detect and prevent Locky infections.

A Brief History of Locky

First observed in February 2016, Locky quickly made a name for itself as one of the most virulent ransomware strains. It was spread via malicious Word documents and exploit kits, with the criminals behind it raking in nearly $7.8 million in extorted payments in just its first two months.

Some key facts about Locky:

  • Origin: Believed to be operated by a cybercriminal group out of Eastern Europe.

  • Distribution: Spread through phishing emails containing Word docs that downloaded the malware. Also used the Nuclear and Rig exploit kits.

  • Encryption: Used strong AES and RSA-2048 encryption to lock files. Added the .locky extension to encrypted files.

  • Profit: Made nearly $7.8 million in its first 2 months through ransom payments.

Locky remained active throughout 2016 and 2017, with the criminals behind it constantly modifying their tactics. Activity began to decline in 2018, and the last known Locky campaign was seen in April 2019.

The Return of Locky

In January 2022, cybersecurity researchers spotted a new ransomware sample identified as LockBit 3.0. Analysis revealed it to be a new variant of Locky, with the criminals reworking their malware while keeping its core encryption mechanisms.

Some updates made in the new Locky variant:

  • Anti-analysis features: Added checks to detect malware analysis tools and security sandboxes. Aims to evade detection.

  • Evasion improvements: Uses new obfuscation methods to hide its code. Attempts to bypass antivirus software.

  • Expands encryption targets: Now encrypts macOS and Linux systems in addition to Windows.

  • Lateral movement module: Contains capabilities to spread across networks. Can infect more devices once inside.

Despite these new features, the core ransomware functionality is unchanged: files are encrypted with a complex algorithm and the .locky extension is appended.

Implications of Locky’s Return

The resurgence of Locky after years of inactivity does not bode well from a cybersecurity perspective. Some key implications:

  • Preys on outdated systems: Relies on old exploits like EternalBlue, indicating it targets systems not patched against known vulnerabilities.

  • Operated by an experienced group: The new variant suggests the original Locky group is likely still active. Their experience makes them dangerous.

  • Ransomware remains lucrative: Locky’s return shows that ransomware is still profitable for attackers, spurring continued innovation.

  • Potential for major damage: Given Locky’s history, a widespread campaign could lead to considerable systems disruption and financial loss.

Defenders should be on high alert for Locky activity and take steps to mitigate the risk it represents. Ransomware has only grown more sophisticated since Locky first emerged in 2016.

Recommendations for Protection Against Locky

The re-emergence of Locky serves as a reminder that ransomware threats cannot be ignored. Here are some best practices to safeguard systems:

  • Patch aggressively: Apply all software updates on systems to eliminate vulnerabilities ransomware relies on.

  • Exercise caution with email: Advise employees to avoid opening attachments from unknown senders, which is a common Locky attack vector.

  • Use antivirus tools: Ensure endpoints have next-gen antivirus software that can detect and block ransomware.

  • Segment networks: Limit lateral movement by keeping critical systems separated from one another.

  • Back up data routinely: Maintain regular backups disconnected from the network. This allows data to be restored without paying a ransom.

  • Monitor for activity spikes: Watch for abnormal system activity that could indicate ransomware execution.
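The last recommendation, monitoring for abnormal activity, can be made concrete by combining it with the article's note that encrypted files have the .locky extension appended. The script below is an added example and not code from the original article. It assumes a constructed, simplified file-activity log format (`timestamp|host|process|action|path`) and constructed sample events, and it raises two kinds of alert: a process that renames many files to .locky within a short window, and, going beyond the .locky case, a process that modifies an unusually large number of distinct files within that window, since a variant can change its extension without changing this behaviour. The thresholds and window are assumed starting values, not figures from the article.

```python
"""Flag ransomware-style file-encryption bursts in file-activity logs.

Added example (not code from the original article). Assumes a simplified,
constructed log format: timestamp|host|process|action|path.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Detection parameters: assumed starting points, tune per environment.
WINDOW = timedelta(seconds=60)
RANSOM_EXT = ".locky"   # extension the article says the variant appends
EXT_THRESHOLD = 5       # renames to RANSOM_EXT by one process inside WINDOW
BURST_THRESHOLD = 20    # distinct files modified by one process inside WINDOW


def parse_line(line):
    """Split one 'ts|host|process|action|path' record into a dict."""
    ts, host, proc, action, path = line.split("|", 4)
    return {"ts": datetime.fromisoformat(ts), "host": host,
            "process": proc, "action": action, "path": path}


def detect(lines, ext=RANSOM_EXT, window=WINDOW,
           ext_threshold=EXT_THRESHOLD, burst_threshold=BURST_THRESHOLD):
    """Return alerts as (kind, host, process, window_start, count) tuples.

    'known_extension' fires when one process renames >= ext_threshold files
    to `ext` inside `window`; 'modification_burst' fires when one process
    writes or renames >= burst_threshold distinct files inside `window`,
    whatever the extension. Each (kind, host, process) fires once.
    """
    ext_events = defaultdict(deque)   # (host, process) -> rename timestamps
    mod_events = defaultdict(deque)   # (host, process) -> (ts, path) pairs
    fired, alerts = set(), []
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        ev = parse_line(raw)
        key = (ev["host"], ev["process"])
        if ev["action"] in ("WRITE", "RENAME"):
            q = mod_events[key]
            q.append((ev["ts"], ev["path"]))
            while q and ev["ts"] - q[0][0] > window:   # drop events outside window
                q.popleft()
            distinct = len({p for _, p in q})
            if distinct >= burst_threshold and ("modification_burst", key) not in fired:
                fired.add(("modification_burst", key))
                alerts.append(("modification_burst", *key, q[0][0], distinct))
        if ev["action"] == "RENAME" and ev["path"].lower().endswith(ext):
            q = ext_events[key]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= ext_threshold and ("known_extension", key) not in fired:
                fired.add(("known_extension", key))
                alerts.append(("known_extension", *key, q[0], len(q)))
    return alerts


def build_sample_log():
    """Construct sample events (not real telemetry) for a demonstration run."""
    base = datetime(2022, 1, 14, 9, 0, 0)

    def rec(offset, host, proc, action, path):
        return f"{(base + offset).isoformat()}|{host}|{proc}|{action}|{path}"

    lines = []
    # Ordinary document saves by a word processor: too few to matter.
    for i in range(3):
        lines.append(rec(timedelta(seconds=20 * i), "WS-042", "winword.exe",
                         "WRITE", f"C:\\Users\\a\\Documents\\report{i}.docx"))
    # Encryption run appending .locky: six renames in six seconds.
    for i in range(6):
        lines.append(rec(timedelta(minutes=1, seconds=i), "WS-042", "update_tmp.exe",
                         "RENAME", f"C:\\Users\\a\\Documents\\file{i}.docx.locky"))
    # Extension-agnostic burst: 22 distinct files rewritten in 22 seconds.
    for i in range(22):
        lines.append(rec(timedelta(minutes=5, seconds=i), "WS-077", "setup.exe",
                         "WRITE", f"D:\\Shares\\finance\\ledger{i}.xlsx"))
    # Slow, legitimate bulk writes (one per minute) stay below the burst rule.
    for i in range(25):
        lines.append(rec(timedelta(minutes=10 + i), "WS-077", "backup_agent.exe",
                         "WRITE", f"D:\\Shares\\archive\\old{i}.zip"))
    return lines


if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```

Run against the constructed log, the script reports one `known_extension` alert for the .locky renames on WS-042 and one `modification_burst` alert for the rapid rewrites on WS-077, while the slow backup agent stays quiet. In practice the same logic would be fed from an EDR or file-audit source, and the burst rule needs a per-environment baseline so that legitimate bulk operations (compilers, backup software, indexers) are allow-listed rather than paged on.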

With vigilance and proper precautions, the damage inflicted by the latest Locky variant can be limited. But the threat cannot be ignored given this ransomware family’s track record of disruption.

Conclusion

The reboot of Locky ransomware demonstrates that even dormant threats can come back stronger than ever. Its developers have updated it with new evasion techniques while retaining the malicious capabilities that made it infamous. To protect against this latest variant, organizations should reevaluate their ransomware defenses and ensure they are not vulnerable to exploits Locky leverages to spread. Maintaining comprehensive backups is also critical. With cybercriminals sure to build upon Locky’s renewal, ransomware resilience has never been more important.
