Locky Ransomware Rears its Head in Big August Campaigns
Infosecurity Magazine | August 30, 2017
The Locky ransomware is continuing its resurgence, with a second wave of new but related attacks that build on a variant uncovered in early August. A few weeks ago, Locky changed its encryption extension to .lukitus, which means "locked" in Finnish. That variant is still impossible to decrypt, according to Heimdal Security, and was seen to be part of a set of malicious spam waves that are hitting users one after the other. A fresh late August campaign uses what Comodo Labs has dubbed the IKARUS dilapidated version of Locky, which still has the .lukitus extension. It spreads using a botnet of zombie computers responsible for coordinating a phishing attack.