Locky developers upgrade ransomware's ability to perform offline encryption

News by Bradley Barth

A new analysis of Locky ransomware configurations by German IT security firm Avira has revealed improved offline capabilities that enhance its ability to automatically encrypt victims' files, without interaction with a command-and-control server.

Configurations observed in previous versions of Locky contained a list of C&C URLs together with a seed parameter for a domain generation algorithm (DGA) that produced additional URLs. The new code removes both, so the malware no longer needs to contact a server before encrypting, which lets it operate more stealthily and cuts the attackers' infrastructure costs. “By minimising their code's online activities, they don't have to pay for so many servers and domains anymore,” said Moritz Kroll, malware specialist at Avira Protection Labs, according to an Avira blog post last week.

Avira first reported in July that Locky added offline encryption tactics. Earlier this month, security researcher Timothy Davies noted a new Locky update featuring an RSA key embedded within the ransomware's code.
