Gray hats hack Locky again, replaces payload with ransomware PSA

A distributor of Locky ransomware fell victim to a gray hay hacker who replaced the malicious payload with a warning message for Internet users.
A distributor of Locky ransomware fell victim to a gray hay hacker who replaced the malicious payload with a warning message for Internet users.

Another gray hat hacker has tampered with the distribution of Locky ransomware, replacing the payload with a public-service message to potential victims, warning not to open strange files.

The incident comes about two weeks after anti-virus company Avira reported that an unknown perpetrator broke into a prominent command and control server and replaced Locky with coding that delivered the message “Stupid Locky.” 

This time, F-Secure reported on its blog that “Paivi,” one of the researchers on its threat intelligence team, discovered evidence of a similar hack, in which the payload was replaced with the following message: “You are reading this message because you have opened a malicious file. For your safety, don't open unknown email attachment [sic].”

F-Secure did not suggest there was a connection between the two hacks.

You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS