Some time ago, we detailed how the Locky ransomware infection process works. Since then, the creators of the Nemucod “downloader” (the code responsible for downloading and executing malware like Locky) have been hard at work polishing their code.
One of the latest versions of Nemucod shows some notable changes over the older versions. In the past, the process was pretty simple: “User opens malicious file → File downloads payload → payload gets executed”. In the more recent versions, however, it’s somewhat less straightforward.
Nemucod ups its game