Topic: Locky Ransomware

Online CMDL_GUY

  • Administrator
  • Location: Mt. Sidney Virginia
  • Posts: 8183
    • www.lscg.net
Locky Ransomware
« on: April 04, 2016, 09:02:22 AM »
http://techtalk.pcpitstop.com/2016/03/24/locky-ransomware-is-becoming-more-prevalent/?lockyontherise=

“The creators recently modified the DGA (Domain Generating Algorithm) so that the Command and Control servers are different each day. They also made a new variant of Locky, which attacks network shares and other attached storage, using blank/null credentials and/or the locally logged in user credentials. For the most part, they are sticking to 104.239.213.7 as the server, but are registering multiple domains. Lastly, they are partnering with the Exploit Kit (EK) developers to bundle Locky, so I expect to see a drastic increase in the number of samples being distributed via exploits and spam.”

Now, even more than ever, it is recommended that you keep offline backups of your data, as malicious files can find their way to networked storage or devices.
"Government is not reason; it is not eloquent; it is force. Like fire, it is a dangerous servant and a fearful master." - George Washington

“Remember democracy never lasts long. It soon wastes, exhausts, and murders itself. There never was a democracy yet, that did not commit suicide.”   -John Adams

K4LRM

www.lscg.net

Faster horses, younger women, older whiskey, more money.

Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4634
Re: Locky Ransomware
« Reply #1 on: April 04, 2016, 12:58:49 PM »
This is getting more widespread. Larry, have you read anything about what client AV software is catching this?
-I'm only here because my flux capacitor is broken.

Online CMDL_GUY

  • Administrator
  • Location: Mt. Sidney Virginia
  • Posts: 8183
    • www.lscg.net
Re: Locky Ransomware
« Reply #2 on: April 04, 2016, 04:54:29 PM »
PC-Matic!     :002:


Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4634
Re: Locky Ransomware
« Reply #4 on: April 04, 2016, 10:39:12 PM »
Looks like our Gateway Antivirus in Sonicwall is looking for Locky, Cryptolock, Cryptowall, and other variants. 

Online hbiss

  • Administrator
  • Location: Westchester County, NY
  • Posts: 3310
Re: Locky Ransomware
« Reply #5 on: April 21, 2016, 03:34:31 PM »
I seem to be getting a lot of strange emails lately with .doc attachments. "Still waiting for payment on this invoice", "has your legal department seen this?", "Optonline.net legal action" (just happens to be my email provider  :015:)

-Hal
I gotta get out of this business...

COMSYSTEC- Phone Systems | paging systems | background music systems | foreground music systems | retail music | restaurant music

Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4634
Re: Locky Ransomware
« Reply #6 on: April 21, 2016, 07:44:40 PM »
Quote from: hbiss
"I seem to be getting a lot of strange emails lately with .doc attachments. "Still waiting for payment on this invoice", "has your legal department seen this?", "Optonline.net legal action" (just happens to be my email provider  :015:)

-Hal"

And think of all the minions in offices that just blindly open it because it's a Word document so they think it's friendly.


Online hbiss

  • Administrator
  • Location: Westchester County, NY
  • Posts: 3310
Re: Locky Ransomware
« Reply #7 on: April 21, 2016, 09:52:28 PM »
That's why something needs to be done.

-Hal