Menu
New Locky ransomware version can operate in offline mode

New Locky ransomware version can operate in offline mode

The program will start encrypting files even if it can't connect to a command-and-control server

The creators of the widespread Locky ransomware have added a fallback mechanism in the latest version of their program for situations where the malware can't reach their command-and-control servers.

Security researchers from antivirus vendor Avira have found a new Locky variant that starts encrypting files even when it cannot request a unique encryption key from the attacker's servers because the computer is offline or a firewall blocks the communication.

Calling home to a server is important for ransomware programs that use public key cryptography. In fact, if they're unable to report back to a server after they infect a new computer, most such programs don't start encrypting files.

That's because the encryption routine relies on unique public-private key pairs that are generated by the attackers' servers for each computer.

First, the ransomware program generates a symmetric encryption key and uses an algorithm like AES (Advanced Encryption Standard) to encrypt files. Then, it reaches out to a command-and-control server and asks the server to generate an RSA key pair for the newly infected computer.

The public key is sent back to the ransomware program and is used to encrypt the AES encryption key. The private key, which is required to decrypt what the public key encrypted, never leaves the attackers' server and is the key that users get when they pay the ransom.

Because of this process, some ransomware infections can be rendered ineffective if a network firewall detects their connection attempt and blocks it as suspicious right from the start.

Companies can also quickly cut off a computer from the Internet if a ransomware detection is triggered to try to limit the damage. They can also take the whole network offline temporarily until they can investigate if other computers have also been affected.

These measures are no longer viable for Locky, one of the most widespread ransomware threats plaguing users today, because of the changes made to it.

The good news is that Locky will start encrypting files using a predefined public key that's the same for all offline victims. This means that if someone pays the ransom and obtains the private key, that key will work for all other offline victims as well.

Security researchers from F-Secure have observed two massive spam campaigns distributing Locky this week, one of them reaching 120,000 spam hits per hour, more than 200 times higher than the spam hits on a regular day, the researchers said in a blog post.

Both campaigns spread emails with rogue zip attachments that contained malicious JavaScript files. The use of JavaScript files to distribute malware has become an attacker favorite in recent months. Such files can be executed on Windows out of the box, without any special software.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Examining the changing job scene in the Kiwi channel

Examining the changing job scene in the Kiwi channel

Typically, the New Year brings new opportunities for personnel within the Kiwi channel. 2017 started no differently, with a host of appointments, departures and reshuffles across vendor, distributor and reseller businesses. As a result, the job scene across New Zealand has changed - here’s a run down of who is working where in the year ahead…

Examining the changing job scene in the Kiwi channel
​What are the top 10 tech trends for New Zealand in 2017?

​What are the top 10 tech trends for New Zealand in 2017?

Digital Transformation (DX) has been a critical topic for business over the last few years and IDC is now predicting a step change as DX reaches macroeconomic levels. By 2020 a DX economy will emerge and it will become the core of what New Zealand industries focus on. From the board level through to the C-Suite, Kiwi organisations must be prepared to think and act digital when the DX economy emerges in 2017.

​What are the top 10 tech trends for New Zealand in 2017?
Show Comments