Locky was the most successful ransomware of 2016.
never going to fizzle out; one of the most prolific forms of ransomware is back after what appears to have been a holiday break.
Locky evolved to become the most notorious ransomware threat during 2016, even becoming the second most common malware threat by November. Locky ransomware campaigns dipped massively over Christmas, but cybersecurity researchers at Cisco Talos have noticed that attempts to deliver this form of ransomware are slowly beginning to rise again.
The main driver behind Locky campaigns is the Necurs botnet, which prior to the holidays was sending out hundreds of thousands of malicious spam emails containing the ransomware every day. Researchers note that the revived Locky campaign is delivering fewer than a thousand messages a day - but it does appear to be leveraging some new tactics, which might be a test run before launching a new, full-on Locky campaign with new twists.
The first of the two new campaigns has been dubbed 'Double Zipped Locky' and sees the attackers hiding their malicious payload in a Zip file nested inside another Zip file, in the hope that the victim will think they are opening a document rather than a malicious payload.
Currently, the Double Zip campaign is sent using the extremely basic format of a blank email containing the malicious attachment.
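The nested-archive trick described above is something a mail gateway can check for directly. The following is an added example (not code from the article or from Cisco Talos) that walks a Zip attachment in memory, recursing into any member that is itself a Zip, and reports the nesting depth and any members with script or executable extensions; the extension list and the quarantine policy are assumptions chosen for this illustration, and the sample attachments are constructed inline.

```python
import io
import zipfile

# Extensions commonly used to carry executable content in mail attachments
# (assumed list for this example, not taken from the article).
RISKY_EXTENSIONS = {".exe", ".js", ".jse", ".vbs", ".wsf", ".scr", ".hta"}


def inspect_zip(data: bytes, depth: int = 0, max_depth: int = 4) -> dict:
    """Recursively walk a ZIP held in memory.

    Returns the deepest nesting level seen (0 = no archive inside the archive)
    and the paths of members whose extension is on the risky list. Nested
    archives are detected by content (zipfile.is_zipfile), not by name, so a
    renamed inner archive is still found. Recursion stops at max_depth to
    bound work on deliberately deep archives.
    """
    report = {"max_depth": depth, "risky_members": []}
    if depth > max_depth:
        return report
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            blob = zf.read(info)
            if zipfile.is_zipfile(io.BytesIO(blob)):
                sub = inspect_zip(blob, depth + 1, max_depth)
                report["max_depth"] = max(report["max_depth"], sub["max_depth"])
                report["risky_members"].extend(f"{name}/{m}" for m in sub["risky_members"])
            elif any(name.lower().endswith(ext) for ext in RISKY_EXTENSIONS):
                report["risky_members"].append(name)
    return report


def should_quarantine(data: bytes) -> bool:
    """Assumed policy: hold any attachment that nests an archive or carries a risky member."""
    r = inspect_zip(data)
    return r["max_depth"] >= 1 or bool(r["risky_members"])


def build_double_zipped_sample() -> bytes:
    """Constructed sample: a placeholder .js file zipped, then that zip zipped again."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.js", "// placeholder text for the example, not a real script\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.zip", inner.getvalue())
    return outer.getvalue()


def build_benign_sample() -> bytes:
    """Constructed sample: a single-level zip holding only a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("report.txt", "quarterly figures (placeholder)\n")
    return buf.getvalue()
```

The depth bound matters in practice: a gateway that recurses without limit can be stalled by an archive nested many levels deep, so treat hitting the bound as a reason to hold the message rather than to pass it.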