1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

New Locky ransomware version can operate in offline mode

Discussion in 'CSO' started by RSS, Jul 14, 2016.

  1. RSS

    RSS New Member Member

    The creators of the widespread Locky ransomware have added a fallback mechanism in the latest version of their program for situations where the malware can't reach their command-and-control servers.

    Security researchers from antivirus vendor Avira have found a new Locky variant that starts encrypting files even when it cannot request a unique encryption key from the attacker's servers because the computer is offline or a firewall blocks the communication.

    Calling home to a server is important for ransomware programs that use public key cryptography. In fact, if they're unable to report back to a server after they infect a new computer, most such programs don't start encrypting files.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page