Gray hats hack Locky again, replaces payload with ransomware PSA
A distributor of Locky ransomware fell victim to a gray hay hacker who replaced the malicious payload with a warning message for Internet users.
Another gray hat hacker has tampered with the distribution of Locky ransomware, replacing the payload with a public-service message to potential victims, warning not to open strange files.
The incident comes about two weeks after anti-virus company Avira reported that an unknown perpetrator broke into a prominent command and control server and replaced Locky with coding that delivered the message “Stupid Locky.”
This time, F-Secure reported on its blog that “Paivi,” one of the researchers on its threat intelligence team, discovered evidence of a similar hack, in which the payload was replaced with the following message: “You are reading this message because you have opened a malicious file. For your safety, don't open unknown email attachment [sic].”
F-Secure did not suggest there was a connection between the two hacks.