20.02.16, Ransomware Locky Trojan, Germany high infection rates

by butsch 20. February 2016 23:09


The rate at which new ransomware is currently dropping in, and the fact that it is getting more aggressive, will completely turn IT security around in 2016.

People who refused to spend money on protection and new technology will suffer. CIOs and IT managers who are afraid of management will have to learn to stand up and defend their position.


Dridex: Tidal waves of spam, pushing dangerous financial Trojan, Dick O'Brien, February 16, 2016



Locky Cryptlocker




Lock down Office for Locky with GPO


Users will cry, but they will cry even more if it hits you.





Communication is via h00p://


This threat can create files on your PC, including:


  • _Locky_recover_instructions.txt
  • _Locky_recover_instructions.bmp
  • %temp%\svchost.exe - locky ransomware
  • [ID][identifier].locky (encrypted files)

As part of its installation routine, it modifies the registry so that it runs each time you start your PC. For example:

In subkey: HKEY_CURRENT_USER\Software\Locky
Sets value: "id"
With data: "8C05983C8B06FC65" --> ID of the victim

In subkey: HKEY_CURRENT_USER\Software\Locky
Sets value: "pubkey"
With data: hex:06,02,00,00,00,a4,00,00,52,53,41,31,00,08,00 … --> RSA public key
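
A read-only triage check for the file and registry artifacts listed above, as an added example that is not from the original post. It assumes an elevated PowerShell 4.0 or later session, user profiles under %SystemDrive%\Users and the default temp folder AppData\Local\Temp; the helper name Add-Finding is made up for this example.

```powershell
# Added example: look for the Locky artifacts named in this post on one host.
# Read-only: nothing is deleted, quarantined or modified.
$findings = New-Object 'System.Collections.Generic.List[object]'

function Add-Finding([string]$Type, [string]$Location, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Location = $Location; Detail = $Detail })
}

# 1. Registry: Software\Locky with the values "id" and "pubkey".
#    HKCU only shows the current user, so walk every hive loaded under
#    HKEY_USERS (hives of users who are not logged on are not loaded).
Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue | ForEach-Object {
    $key = "Registry::$($_.Name)\Software\Locky"
    if (Test-Path -LiteralPath $key) {
        $props  = Get-ItemProperty -LiteralPath $key
        $hasKey = $null -ne $props.pubkey
        Add-Finding 'Registry' "$($_.Name)\Software\Locky" "id=$($props.id) pubkey_present=$hasKey"
    }
}

# Assumption: default profile root and default per-user temp folder.
$notes    = '_Locky_recover_instructions.txt', '_Locky_recover_instructions.bmp'
$profiles = Get-ChildItem -Path (Join-Path $env:SystemDrive 'Users') -Directory -Force -ErrorAction SilentlyContinue

foreach ($p in $profiles) {
    # 2. %temp%\svchost.exe: the genuine svchost.exe lives in
    #    %SystemRoot%\System32, so a copy in a temp folder is suspect.
    $exe = Join-Path $p.FullName 'AppData\Local\Temp\svchost.exe'
    if (Test-Path -LiteralPath $exe) {
        $hash = (Get-FileHash -LiteralPath $exe -Algorithm SHA256).Hash
        Add-Finding 'Dropper' $exe "SHA256=$hash"
    }

    # 3. Ransom notes and *.locky files anywhere inside the profile.
    Get-ChildItem -LiteralPath $p.FullName -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $notes -contains $_.Name -or $_.Extension -eq '.locky' } |
        ForEach-Object { Add-Finding 'File' $_.FullName ($_.LastWriteTime.ToString('s')) }
}

if ($findings.Count -eq 0) {
    'None of the listed Locky artifacts were found.'
} else {
    $findings | Sort-Object Type, Location | Format-Table -AutoSize -Wrap
}
```

The oldest LastWriteTime among the `File` findings gives a first estimate of when encryption started on that host.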

It encrypts files with the following extensions:

.ms11 (Security copy)
