Ransom.Locky has returned after a month’s hiatus, with two new spam campaigns hinting at larger attacks to come.
Cisco Talos researcher Nick Biasini said that Locky’s typical volume dropped in late December. However, earlier this week, two spam campaigns started spreading the ransomware again. The Backdoor.Necurs botnet appears to be behind these campaigns, though it is sending fewer emails than before. “We typically would see hundreds of thousands of Locky spam, we are currently seeing campaigns with less than a thousand messages,” said Biasini.
Symantec is investigating these campaigns.