Learn CBSE

Locky Ransomware: Why Is This Threat Coming Back?

September 5, 2017 by phani

Locky is a ransomware strain that was released in 2016 and is extremely active in 2017. It is delivered by an email that purports to be an invoice requiring payment, with an attached Microsoft Word document that contains malicious macros.

If the user opens the document, it appears to be full of garbage and includes the phrase “Enable macro if data encoding is incorrect,” a social engineering technique. If the user does enable macros, they save and run a binary file that downloads the actual encryption Trojan, which encrypts all files that match particular extensions. Filenames are converted to a unique 16 letter and number combination with the locky file extension. Once the data is encrypted, a website gives instructions that demand payment of between 0.5 and one bitcoin, which is equal to 500-1000 euros, via a bitcoin exchange.
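The renaming behaviour described above leaves a simple trace that defenders can look for in file-rename telemetry. The following is an added example, not part of the original article: the event tuple layout, the 60-second window, the threshold of three and the sample records are all assumptions made for illustration, and the filename pattern follows the article's description (16 letters and digits plus the locky extension).

```python
import re
from collections import defaultdict

# Pattern taken from the article's description: 16 letters/digits + ".locky".
LOCKY_NAME = re.compile(r"^[0-9A-Za-z]{16}\.locky$", re.IGNORECASE)

def find_locky_bursts(events, window=60, threshold=3):
    """Flag hosts with a burst of Locky-style renames.

    events: iterable of (epoch_seconds, host, old_path, new_path) tuples
            (hypothetical layout; adapt to your EDR or file-audit export).
    Returns {host: [new_path, ...]} for hosts that produced at least
    `threshold` matching renames within any `window`-second span.
    """
    hits = defaultdict(list)
    for ts, host, _old, new in sorted(events):
        # Handle both Windows and POSIX separators when taking the basename.
        name = new.replace("\\", "/").rsplit("/", 1)[-1]
        if LOCKY_NAME.match(name):
            hits[host].append((ts, new))

    flagged = {}
    for host, items in hits.items():
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it spans <= window seconds.
            while items[end][0] - items[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[host] = [path for _, path in items]
                break
    return flagged

# Constructed sample data (not real telemetry).
SAMPLE_EVENTS = [
    (1000, "WS-01", r"C:\Users\a\report.docx", r"C:\Users\a\A1B2C3D4E5F6A7B8.locky"),
    (1005, "WS-01", r"C:\Users\a\budget.xlsx", r"C:\Users\a\0F9E8D7C6B5A4F3E.locky"),
    (1012, "WS-01", r"C:\Users\a\photo.jpg", r"C:\Users\a\1122334455667788.locky"),
    (1020, "WS-02", r"C:\tmp\notes.txt", r"C:\tmp\notes_final.txt"),
    (5000, "WS-02", r"C:\tmp\x.bin", r"C:\tmp\ABCDEF0123456789.locky"),
]

if __name__ == "__main__":
    for host, paths in find_locky_bursts(SAMPLE_EVENTS).items():
        print(f"{host}: {len(paths)} Locky-style renames")
```

A single matching rename (as on WS-02 in the sample) is not flagged by default; requiring a burst keeps one oddly named file from raising an alert.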

It was a revolutionary incident that brought ransomware to the attention of the whole world, exactly a year before the WannaCry outbreak.

In February 2016 came an attack on a Southern California hospital, the Hollywood Presbyterian Medical Center. The hospital experienced a ransomware attack that crippled hospital services. It was an attack on the hospital like no other. Its services were crippled, and patients were shifted to other hospitals. The hospital received a message telling it to pay a ransom to get its systems back. So the hospital paid $17000 worth of bitcoins to acquire the decryption key and restore its data.

“The quickest and more efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this,” Allen Stefanek, president of the Hollywood Presbyterian Medical Center, said at the time.
Hospitals had no alternative other than paying up, as the Locky malware went on to plague victims for most of 2016.

By November 2016 it had become one of the most common malware threats in the world in its own right, so prolific was this particular strain of ransomware.

But Locky disappeared in December 2016, prompting some cyber security researchers to suggest that those behind it had gone on a Christmas break. It eventually re-emerged in January. Infections have been rising and dropping ever since.
For example, after months of zero activity, the king of ransomware was back again in August, 2016. It returned in a very big way, with phishing emails containing the Locky payload suddenly flooding inboxes. Not only that, but potential victims are being targeted with new strains of Locky: Diablo and Lukitus.
The question is: why did this ransomware go so quiet in the first place?

But nobody knows exactly who is behind Locky. Experts examining the encryption, which the researchers have been able to crack, found that this is the work of a highly professional group.
Like any other software developer, they are consistently working on their product. Unlike other forms of ransomware, Locky isn’t available as-a-service for others to use. So it’s possible the campaigns go quiet while those behind it work on their code or experiment with new tactics.

“The respite we saw from Locky was just a planned pull-back on the attackers’ part. Like any organization, they need time to refine code and command-and-control infrastructure, plan new attack vectors, organize ransom payment collection methods and compile new lists of targets,” said Troy Gill, manager of security research at AppRiver.
Each time Locky has briefly re-emerged before disappearing over the course of this year, it has been doing something different, suggesting that the people behind it are experimenting.

There is another example of this. A Locky spike in April saw the ransomware flirt with a new delivery technique, distributing its malware through infected PDFs instead of Office documents, a tactic associated with the Dridex malware botnet. From this it is clear that it can be delivered in any mode and become more successful.
“The timing of these comebacks matches closely with the introduction of new attributes such as the most recent Diablo and Lukitus extensions for attached files and the use of new distribution techniques involving PDF documents and phishing links,” says Brendan Griffin, threat intelligence manager at PhishMe.
“These periods of Locky absence are used as a chance to build upon their successes and find new, smarter ways to deliver their ransomware.”

Locky is distributed through the Necurs botnet, a zombie army of over five million hacked devices, and the ransomware appears to go off the radar when the botnet is used for other activity. One example is March, when Necurs re-emerged following a period of inactivity and its power was harnessed to distribute email stock scams. The following months saw the malicious activity continue, with Necurs shifting to the distribution of Jaff ransomware.

While Jaff is less sophisticated than Locky, researchers found that Locky and Jaff ransomware are related in some way. Not only do the Jaff decryptor website and the Locky decryptor website look identical, but, like Locky, the ransomware will delete itself from the infected machine if the local language is Russian.
Unlike with Locky, researchers have been able to construct a decryption tool for Jaff. Distribution of Jaff has declined since it was released in June.

Since then, the Necurs botnet has returned to distributing Locky, which might indicate that while they may experiment with other forms of cybercriminal activity, those behind Locky see it as a reliable tool to fall back on, because it works and brings in revenue.

“Locky is an incredibly powerful and well developed piece of ransomware,” says Adam Kujawa, director of malware intelligence at Malwarebytes. “At the end of the day bad guys want to make money and they can use whatever software they want that they can get their hands on to make that happen.”

So while Locky is successful, those behind it are opportunistic and constantly on the lookout for other means of making money, and if that means dropping Locky in favour of something else, then so be it.
For now Locky remains successful because victims are still paying ransoms. The attackers could easily move on to something else. But 18 months after the attack on the medical center, the ransomware is still here, successfully infiltrating networks. It remains successful because it works: enough people get infected after being fooled by phishing emails, and enough organisations give in and pay the ransom fee in order to regain access to their own systems, because there is no decryption tool available.

Locky is successful, and it eventually returns. So the next time it appears to go silent, do not assume that the ransomware is dead. It may go offline, but the people behind it are still working on it to make it more effective.

Filed Under: Videos Tagged With: Appriver, Dridex malware botnet, infected PDFs, Locky Ransomeware:, social engineering technique
