Monday, April 4, 2016

Analysis of the Locky infection process

In recent months, there has been a significant increase in the number of networks and users affected by ransomware known as Locky, which is used to encrypt a victim’s files and then demand a ransom to be paid in bitcoins. But, how does this threat manage to infiltrate computer systems and hijack data? From the ESET Research Lab in Latin America, we can explain the steps and the methods used by cybercriminals to evade various layers of security.
The diagram below shows the Locky infection process leading to the payload. Initially, the user receives an email which may be based on one of a number of topics and written in various languages. This email carries a Microsoft Office document as an attachment (a .DOC, .DOCM or .XLS file). When opened, this document creates a BAT file, which in turn creates another file containing VBScript code. Between them, these files then download the main threat, detected by ESET solutions as Win32/Filecoder.Locky.
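The chain described above (Office document, then a BAT file, then a VBScript downloader) is exactly the kind of parent/child process lineage a defender can look for in endpoint telemetry. The following is an added detection example, not code from the ESET post: it walks Sysmon-style process-creation events (a constructed, simplified sample with assumed field names `pid`, `ppid`, `image`, `cmdline`) and raises an alert whenever a script host such as cmd.exe or wscript.exe descends from an Office process, reporting the lineage and any .bat/.vbs paths on its command line. The image and extension lists are assumptions chosen to match the chain in the text, not an exhaustive set.

```python
import ntpath

# Assumed lists for this example: Office parents and the script hosts
# the chain in the post passes through (BAT via cmd.exe, VBScript via wscript.exe).
OFFICE_IMAGES = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"cmd.exe", "wscript.exe", "cscript.exe", "powershell.exe"}
SCRIPT_EXTS = (".bat", ".cmd", ".vbs", ".vbe", ".js", ".ps1")

# Constructed sample process-creation events (not real logs from the post).
# They model: explorer -> WINWORD (malicious .docm) -> cmd.exe (run.bat)
# -> wscript.exe (dl.vbs), plus one benign cmd.exe launched by the user.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 1, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE",
     "cmdline": 'WINWORD.EXE "invoice.docm"'},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd.exe /c C:\Users\u\AppData\Local\Temp\run.bat'},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\wscript.exe",
     "cmdline": r'wscript.exe C:\Users\u\AppData\Local\Temp\dl.vbs'},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe"},
]


def basename(path):
    """Lower-cased file name of a Windows path, e.g. 'winword.exe'."""
    return ntpath.basename(path).lower()


def ancestry(event, by_pid, max_depth=16):
    """Return [event, parent, grandparent, ...] following ppid links.

    Stops at the root, at an unknown parent, or if a pid repeats (pid reuse
    can otherwise produce cycles in real telemetry).
    """
    chain = [event]
    seen = {event["pid"]}
    cur = event
    for _ in range(max_depth):
        parent = by_pid.get(cur["ppid"])
        if parent is None or parent["pid"] in seen:
            break
        chain.append(parent)
        seen.add(parent["pid"])
        cur = parent
    return chain


def referenced_scripts(cmdline):
    """Command-line tokens that look like script files (.bat, .vbs, ...)."""
    return [tok.strip('"') for tok in cmdline.split()
            if tok.strip('"').lower().endswith(SCRIPT_EXTS)]


def detect_office_script_chains(events):
    """Alert on every script host whose ancestry includes an Office process.

    Each alert records the lineage from the Office process down to the script
    host (oldest first) and the script paths named on its command line.
    """
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if basename(e["image"]) not in SCRIPT_HOSTS:
            continue
        chain = ancestry(e, by_pid)
        office = [a for a in chain[1:] if basename(a["image"]) in OFFICE_IMAGES]
        if not office:
            continue  # e.g. cmd.exe started directly by the user from explorer
        idx = chain.index(office[0])  # nearest Office ancestor
        lineage = [basename(a["image"]) for a in reversed(chain[: idx + 1])]
        alerts.append({
            "pid": e["pid"],
            "lineage": lineage,
            "scripts": referenced_scripts(e["cmdline"]),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_office_script_chains(SAMPLE_EVENTS):
        print(alert["pid"], " -> ".join(alert["lineage"]), alert["scripts"])
```

On the constructed sample this yields two alerts (cmd.exe and wscript.exe under WINWORD.EXE) and stays silent on the user-launched cmd.exe, because the decision is made on lineage rather than on the script host alone; the same rule can be expressed as a parent-process condition in a SIEM or EDR query.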

