CYREN Security Blog




Locky Ransomware Now Embedded in Javascript

by Maharlito Aquino

Filed under Malware Analysis, Ransomware, Security Research & Analysis.

A new wave of Locky malware emails have been making the rounds since yesterday (July 20, 2016). The attached javascript, however, has evolved from being a downloader component into becoming the actual ransomware. These javascript variants are detected by CYREN as dropper trojans named JS/LockyDrop.A and  JS/LockyDrop.A!Eldorado...

Locky Distributors Switch to Word Macro and then WSF Files

by Avi Turiel

Locky Ransomware continues to be distributed in large numbers, however, the email attachments have been changed, probably due to greater blocking of the JavaScript files that have been favored until now...

Locky Developers Continue to Enhance Ransomware Delivery and Operation

by Lordian Mosuela

In the past week, we have seen a resurgence of Locky malware emails. 

Upon dissecting the script and assembling it into a readable form, we found that it uses a new technique for downloading Locky's binary executable. Unlike the old Locky JS script that only has a “download and execute” routine, the new Locky JS script now uses a decryption routine before running the binary executable...

Need a Password for a Stolen iPhone?

by Avi Turiel

Apple’s “find my iPhone” is one of the most useful reasons to be connected to iCloud.  If your iPhone is lost you can leave a message onscreen for the finder to contact you.  

Now, some criminals have found a way to get the iCloud credentials using a targeted phishing attack aimed at the phone owner...

Locky Returns After 22 Day Break with Sandbox Evasion Techniques

by Maharlito Aquino

There has been much speculation in the Internet Security industry about the status of Locky – the ransomware heavyweight of February-May 2016 which suddenly ceased distribution at the start of June. As we previously reported Locky was distributed in vast email outbreaks, many times exceeding 10 billion emails/day and often with hundreds of thousands of variants.

This article discusses the current theories for the sudden drop...