For several weeks security experts have had success slowing Locky ransomware infection rates. That’s been due to aggressive efforts to combat the Trojan downloader Nemucod, used in recent campaigns to distribute Locky. But now researchers say hackers behind Locky are changing tactics, giving the ransomware new legs.
According to the Microsoft Malware Protection Center team, Locky ransomware authors have shifted the type of malicious attachments used in their spam campaigns to evade detection. They have observed Locky authors moving away from the use of .wsf files hiding Nemucod.