Locky Ransomware Returns!
Before the world could recover from the deadly WannaCry ransomware, Locky is back. The ransomware that hit many in 2016 is spreading again through spam emails sent by the Necurs group. But it seems that it isn’t as effective and destructive as it could be, as the returning Locky is only able to infect systems running Windows Vista and XP.
Locky’s Successor, Not So Successful
Recently, the Necurs botnet had released its new ransomware, Jaff, which was more or less like Locky: it hit systems through spam emails and encrypted files. But to Necurs’ surprise, Kaspersky Lab, a security research company, found a way to decrypt those files. The lab also released a free utility that lets infected users decrypt their files.
This brought Locky’s descendant down, but Necurs wouldn’t just sit quietly. Recently, they released the old Locky with some new features. As nobody had ever cracked Locky, Necurs thought it would be a better means of extorting money. Soon after the release of Jaff’s decryptor, the spam emails stopped and the Necurs botnet released Locky once again. Although Locky came out with some new features and tricks, it is almost the same as the earlier version. You can check out a working Locky removal tool here so that you don’t pay any ransom to attackers!
Bug Found in the New Variant of Locky
Although Locky has never been decrypted before, it does have some flaws, which were noticed by Cisco’s Talos division. The company discovered that although the ransomware is hard coded and finding a decryptor is not an easy job, it does have a bug. After researching and testing the new Locky, researchers found that this version can only infect systems running Windows versions older than 7, such as Vista or Windows XP.
The reason is that newer versions of Windows, such as 7 or 8, have a security feature called Windows DEP, which stands for Windows Data Execution Prevention. This feature is not available in older versions of Windows. DEP causes the unpacker to fail, thus preventing the ransomware from infecting the system.
The bug in the new Locky suggests that the hackers were in such a rush to release the ransomware that they didn’t notice this big bug in their strategy. It may also be that they had already spent a lot of their resources on distributing the ransomware and failed to notice the flaw. Another report by Cisco says that Locky accounted for 7.2% of spam emails on the internet, which is massive for a target user base of less than just 10%.
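To find which machines fall into the group described above, an administrator can query each host's Windows version and DEP policy over WMI. The script below is an added example, not code from Cisco Talos or from this article; the function name `Get-DepExposure` and the rule used for the `Exposed` flag (Windows older than 7, or DEP unavailable or switched off) are assumptions based on the article's description.

```powershell
# Added example: report Windows version and DEP policy per host.
# Get-WmiObject is used so the script also runs on PowerShell 2.0 (legacy hosts).
function Get-DepExposure {
    param([string[]]$ComputerName = @($env:COMPUTERNAME))

    # Documented values of Win32_OperatingSystem.DataExecutionPrevention_SupportPolicy
    $policyNames = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }

    foreach ($computer in $ComputerName) {
        $row = @{
            Computer = $computer; OS = $null; Version = $null
            DepAvailable = $null; DepPolicy = $null; Exposed = $null; Error = $null
        }
        try {
            $os = Get-WmiObject -Class Win32_OperatingSystem `
                                -ComputerName $computer -ErrorAction Stop

            $version = [version]$os.Version          # e.g. 5.1.2600 = XP, 6.1.7601 = 7
            $policy  = [int]$os.DataExecutionPrevention_SupportPolicy

            # Assumption: "older than Windows 7" means an NT version below 6.1.
            $preWin7 = $version -lt [version]'6.1'
            $depOff  = (-not $os.DataExecutionPrevention_Available) -or ($policy -eq 0)

            $row.OS           = $os.Caption
            $row.Version      = $os.Version
            $row.DepAvailable = $os.DataExecutionPrevention_Available
            $row.DepPolicy    = $policyNames[$policy]
            $row.Exposed      = $preWin7 -or $depOff
        } catch {
            # Unreachable or access-denied hosts are reported, not silently skipped.
            $row.Error = $_.Exception.Message
        }
        New-Object PSObject -Property $row
    }
}

# Local machine only; pass -ComputerName with a host list for a wider audit.
Get-DepExposure | Format-Table Computer, OS, Version, DepPolicy, Exposed, Error -AutoSize
```

Hosts that come back with an `Error` value were not assessed and should be checked by hand rather than treated as safe.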
Hospitals Using Windows XP & Vista in Danger
But that doesn’t mean this 10% is unimportant. This 10% user base includes hospitals in the US and abroad that use older versions of Windows, and since Locky is preying on these systems only, these databases need immediate attention and action.
Although security firms around the world, including Cisco and Kaspersky Lab, have released important guidelines and measures against such ransomware, there is no silver bullet. The best and only option is finding a decryptor that can help the organizations and users infected with such ransomware. It’s better to install SpyHunter 4 on your PC so that you can easily avoid the fake emails that carry Locky ransomware.