Locky, the infamous ransomware plaguing computers worldwide since it was first seen early last year, has recently made a comeback after a severe drop in activity over the holiday season. The Necurs botnet, which is Locky's primary distributor, was offline for the final weeks of 2016, equating to an 81% decrease in the number of Locky attacks.
It appears the Necurs botnet has begun distributing Locky again, though with much less intensity than expected. Even though the volume of Locky spam emails has decreased, the ransomware’s encryption still cannot be broken. The new campaigns also deliver Kovter, a click-fraud malware, which will remain on the system even if the victim pays the ransom for their files.
ThreatSTOP customers are protected from Locky and Kovter if they have the TSCritical and TSRansomware targets enabled in their policy.