The Locky ransomware has been very active since its return, which we documented in a previous blog post. Several different Locky campaigns are running at the same time, the largest being the one from affiliate ID 3, which comes with malicious ZIP archives containing .VBS or .JS attachments.
Malwarebytes researcher Marcelo Rivero discovered that Locky’s affiliate ID 5 is using a trick, previously documented with the Dridex Trojan, to bypass automated analysis done via sandboxes.