1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

[!!! Important !!!] Trojaner "Locky"

Discussion in 'Lounge' started by the MINION, Feb 23, 2016.

  1. Annit

    Annit Registered

    Hey, "Locky" is a ransomware rather than a Trojan, you can find many information on the Internet, which always states it as a ransoware;)
     
    SIPKODAR likes this.
  2. Jassica181

    Jassica181 Registered

    "Locky" is a ransomware that appeared in the early 2016. It mainly spreads via spam emails which have a subject line that reads “ATTN: Invoice J-[random numbers]” and a Word document attachment that has the same name with the subject. Here is a screenshot:

    [​IMG]

    When victims open the attachment, they will be presented a document containing scrambled content and a prompt to enable macro in order to unscramble it. See the screenshot below:

    [​IMG]

    Once the macro is enabled, it will start downloading an executable file named ladybi.exe from a remote server. This execuable file is actually the Locky ransomware. This ransomware scans all local drives and unmapped network shares for data files to encrypt. Then it displays a note demanding victims to buy a piece of software called Locky decrypter, which costs 0.5 Bitcoin (equivalent to $207.63), to decrypt their files. Here is the screenshots:

    [​IMG]

    [​IMG]

    Source: http://guides.uufix.com/how-to-remove-locky-ransomware-from-your-pc
     
    BluFish likes this.
  3. Hybrid

    Hybrid Banrighted Banrighted Warteam Member

  4. PrOvokator

    PrOvokator Slaps you silly

    Nice one Hybrid, now if only they would release one for Torguard encryption, that one my colleague got.
     
  5. KeroKeroBonito

    KeroKeroBonito Registered

    In order to be safe from different ransomwares you must turn off macros in Word and stop using flash. It is old, insecure, and rapidly losing support by other manufacturers in favor of better standards. Also, to be surely protected, you can use anti-ransomware tool form Malwarebytes or Bitdefender. But when infected, first of all I recommend to use ShadowExplorer free tool and this guide in order to try to recover encrypted files from shadow copies.
     
  6. SIPKODAR

    SIPKODAR Ban Evasion hunter. Banrighted Warteam Member

    For Java/Flash/Microsoft Office/Silverlight protection etc I suggest using EMET + good firewall asking for connect to unkown IPs
     
  7. Oligotres

    Oligotres Registered

    Hello, almost all of the known ransomware trojans were researched by malwarebytes.com and bleepingcomputer.com however the newest ones don't have antidot , for instance wallet-file-virus that has been invented just recently - I've found only one tool http://myspybot.com/wallet-file-virus/ but not sure it matches.
     

Share This Page