The creators of the widespread Locky ransomware have added a fallback mechanism in the latest version of their program for situations where the malware can’t reach their command-and-control servers.
Security researchers from antivirus vendor Avira have found a new Locky variant that starts encrypting files even when it cannot request a unique encryption key from the attacker’s servers because the computer is offline or a firewall blocks the communication.
Calling home to a server is important for ransomware programs that use public key cryptography. In fact, if they’re unable to report back to a server after they infect a new computer, most such programs don’t start encrypting files.
To read this article in full or to leave a comment, please click here