Security analysts have discovered that the Locky ransomware may be reappearing with the AESIR extension.
Locky Rises To The Aesir
Computer security analysts have spotted a new malware threat that is believed to be a new iteration of the dangerous Locky ransomware family. The first detection of the new virus has been announced today.
Information about the new update is still limited, but these are the key changes to the Locky code known so far:
- There is a new command-and-control (C2) server URL
- The POST request now points to the /information.cgi location
- The compromised files are renamed using the .AESIR extension
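The POST location and the file extension listed above can serve as hunting leads. The following is an added example, not code from the original article or from any vendor: it flags hosts that POST to /information.cgi in proxy logs and hosts holding files with the .AESIR extension, then ranks hosts where both appear. The log layout, addresses, host names and file names are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

C2_PATH = "/information.cgi"   # POST location named in the article
EXTENSION = ".aesir"           # file extension named in the article

# Constructed sample data; the layout "time client method url status" is an assumption.
PROXY_LOG = """\
2016-11-21T10:02:11Z 10.0.0.15 POST http://host-a.example.invalid/information.cgi 200
2016-11-21T10:02:40Z 10.0.0.22 GET http://intranet.example.invalid/information.cgi 200
2016-11-21T10:03:05Z 10.0.0.31 POST http://host-b.example.invalid/Information.CGI?x=1 200
2016-11-21T10:03:09Z 10.0.0.40 POST http://shop.example.invalid/checkout 200
not a log line
"""
FILE_EVENTS = [  # constructed: (host, path of a newly written or renamed file)
    ("10.0.0.15", r"C:\Users\a\Documents\sample1.AESIR"),
    ("10.0.0.15", r"C:\Users\a\Pictures\sample2.aesir"),
    ("10.0.0.40", r"C:\Users\b\notes.aesir.txt"),   # .aesir is not the final suffix
    ("10.0.0.50", r"D:\share\sample3.aesir"),
]

def hosts_posting_to_c2_path(log_text):
    """Map client -> set of destination hosts that received a POST to C2_PATH."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:          # skip malformed lines instead of failing
            continue
        _, client, method, url, _ = parts
        target = urlsplit(url)       # query string is separated from the path
        if method.upper() == "POST" and target.path.lower() == C2_PATH:
            hits[client].add(target.hostname)
    return dict(hits)

def hosts_with_renamed_files(events):
    """Count, per host, files whose final suffix is EXTENSION (any case)."""
    counts = defaultdict(int)
    for host, path in events:
        if PureWindowsPath(path).suffix.lower() == EXTENSION:
            counts[host] += 1
    return dict(counts)

def triage(log_text, events):
    """Hosts showing both indicators are the strongest leads."""
    net, files = hosts_posting_to_c2_path(log_text), hosts_with_renamed_files(events)
    return {h: "both" if h in net and h in files
            else "network-only" if h in net else "files-only"
            for h in sorted(set(net) | set(files))}
```

A path of /information.cgi on its own can belong to a legitimate application, so a network-only hit is a lead to corroborate rather than a verdict.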
Some other reports indicate that another Locky variant might infect users' computers, encrypt their files and append the .pikachu extension. This is probably another Locky or Locky-related virus threat.
The analysts have run the available virus samples through several heuristic scans, and various anti-virus and anti-spyware vendors are already adding the virus to their daily updated definition sets. As the Locky origins are not yet confirmed, generic names are assigned to the threat. Some of the names are the following:
- malicious_confidence_95% (D)
- [email protected] (thunder)
Some of our readers might question why the virus has changed the extension. Major changes in the big ransomware families occur with new naming schemes. Locky is a reference to Loki, the Norse trickster god, and the Aesir are one of the two main groups of deities in the Norse pantheon. The other one is the Vanir, which is probably going to be used in later iterations of the ransomware threats.
We are going to update you when we receive more information about the new virus instances.