Locky Ransomware makes a shocking comeback

Locky, a ransomware family that rocked the world a few years ago, was almost forgotten after going quiet at the dawn of 2017, but recent reports suggest that the ugly ransomware has resurfaced on the internet. This claim follows the discovery of new major versions of Locky distributed via large malspam campaigns.


The first variant to be discovered was christened Diablo6, after the .diablo6 file extension that it appends to encrypted files. BleepingComputer has credited its discovery to researcher "Racco42," who tweeted about his findings on Aug. 9, when the attacks reportedly began in earnest.

Another variant with similar behavior appeared on Aug. 16, capturing the attention of Malwarebytes analysts and researcher Rommel Joven, who were both early to report their findings. This version appends the extension ".Lukitus" to affected files.

The malicious spam emails carrying this ransomware featured subject lines containing just a date and a random number, with a minimalist message body that states: "Files attached. Thanks". However, Fortinet researchers also found another kind of spam email: a more content-rich sample with a subject line referencing a business document from a company and a message claiming the attachment is an invoice for purchased goods.

In a blog post dated Aug. 14, Fortinet stated that most of the Diablo6 spam was directed at the U.S. (37 percent) and Austria (36 percent), followed by Great Britain, Denmark and India.


Locky arose in 2016, but slowly faded from the scene by the end of last year since the attackers moved on to other ransomware families.

FAQ
Q
So avoid sketchy websites and we're good to go?
A
Again, not exactly. Another way for criminals to boost their infection rates is to compromise ad networks, so that even visits to legitimate, mainstream websites can result in a ransomware attack.
Q
What's different from ransomware delivery via email?
A
The biggest difference is, with email, the burden is on the attacker to trick a user into actively downloading and opening a file.
Q
What types of attachments does ransomware hide in?
A
MS Office docs were popular, but now JavaScript attachments are all the rage.
The success of ransomware phishing attacks hinges on convincing the victim every aspect of the email is legitimate.
Q
How does a phishing email deliver ransomware?
A
There are two primary ways:

Infected attachments
Links to infected websites
Q
How does ransomware infect a computer?
A
Ok, sure. We've heard the horror stories about employees finding USB flash drives in the parking lot and plugging them in.