Hackers Replace Ransomware with Dummy File
Security researchers have discovered that white hat crusaders are substituting versions of ransomware with dummy files.
“But in place of the expected ransomware, we downloaded a 12kb binary with the plain message ‘Stupid Locky’,” he claimed.
“It seems that someone was able to access one of the command and control servers and replaced the original Locky ransomware with a dummy file. And I do mean dummy in the fullest expression of the word.”
The malware itself is typically hidden inside a malicious email attachment masquerading as an invoice, with users tricked into starting the infection process via classic social engineering.
The news is somewhat heartening given the currently soaring rate of ransomware infections, although it represents just a drop in the ocean in terms of a fightback.
Kaspersky Lab this week claimed ransomware infections soared by 14% in the first three months of the year, with the number of victims climbing by 30%.
That said, the Locky case calls to mind a similar previous incident in February, when the Dridex botnet was hijacked.
In that case, malicious links were replaced by installers for Avira Antivirus.
Dridex is among the most widespread banking malware bots around.
Prior to that, the Avira installer had been added to CryptoLocker and Tesla ransomware, although it’s unclear whether the incidents are connected.
Source: Information Security Magazine