Gray hats hack Locky again, replace payload with ransomware PSA

Another gray hat hacker has tampered with the distribution of Locky ransomware, replacing the payload with a public-service message that warns potential victims not to open strange files.

The incident comes about two weeks after anti-virus company Avira reported that an unknown perpetrator broke into a prominent command and control server and replaced Locky with code that delivered the message “Stupid Locky.”

This time, F-Secure reported on its blog that “Paivi,” one of the researchers on its threat intelligence team, discovered evidence of a similar hack, in which the payload was replaced with the following message: “You are reading this message because you have opened a malicious file. For your safety, don't open unknown email attachment [sic].”

F-Secure did not suggest there was a connection between the two hacks.

Bradley Barth
