New Ransomware Trick – Locky Infects with DLL Files

Ransomware is constantly evolving. The latest twist from the Locky operators is delivering the payload as a DLL file rather than as the EXE that Locky and most other ransomware families have relied on. The DLL method still looks experimental, but it is already dangerous for users.

Ransomware Changes Day-To-Day

Ransomware operators have to change their malware constantly to stay ahead of anti-virus and anti-malware tools. The team behind Locky has the money, the time and the skills to do so at a very quick pace. Locky is one of the biggest and most profitable ransomware operations active right now. That is good news for the criminals behind it, but it also means more security software is being built specifically to stop it, which is why the malware keeps changing as the crooks look for new ways to infect users and demand ransom.


The New DLL File and How It Fits in the Locky Ransomware Scheme

Locky can now infect users with a DLL file instead of an EXE. The rest of the chain follows the same checklist as before. The crooks craft email messages that look plausible enough that recipients open them without much thought. The email carries a ZIP attachment; opening it exposes a JavaScript file which, when run, downloads the malicious DLL. Because a DLL cannot be launched by double-clicking it, the script has to load it through a host process (typically rundll32.exe), and that host process is also where defenders should look.
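The first link in that chain, a ZIP attachment carrying a script, is something a mail gateway can check before the message reaches a user. The following Python is an added example written for this page, not code from the article or from any product it mentions; the extension list and the sample archive are my own assumptions, and the archive is constructed inline rather than taken from a real campaign.

```python
import io
import zipfile

# Script types Windows Script Host / mshta will run on double-click.
# Assumed list of what a gateway should flag; extend it for your environment.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}


def suspicious_members(zip_bytes):
    """Return (member name, reason) pairs a mail gateway should quarantine.

    Flags any member whose final extension is a WSH/HTA script, notes when
    that script hides behind a decoy document name such as "invoice.pdf.js",
    and flags nested archives, which the same check would have to recurse into.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if name.endswith("/"):
                continue  # directory entry, nothing to execute
            parts = name.rsplit("/", 1)[-1].split(".")
            ext = "." + parts[-1] if len(parts) > 1 else ""
            if ext in SCRIPT_EXTENSIONS:
                reason = "script attachment"
                if len(parts) > 2:
                    reason = "script with decoy double extension"
                findings.append((info.filename, reason))
            elif ext == ".zip":
                findings.append((info.filename, "nested archive"))
    return findings


def build_sample_zip():
    """Constructed archive shaped like a Locky lure (not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2016.pdf.js", "// a downloader would sit here")
        zf.writestr("readme.txt", "plain text, harmless")
        zf.writestr("scan.wsf", "<job></job>")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in suspicious_members(build_sample_zip()):
        print(f"{member}: {why}")
```

Checking the name inside the archive rather than the attachment's own extension matters here: the ZIP itself looks harmless, and it is the member that Windows will hand to the script host.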

The file format isn't the only thing that has changed. The DLL is also harder for anti-virus programs to detect and neutralize, because it is wrapped in a custom packer that hides the signatures scanners look for. Signature-based anti-virus matches known files and known byte sequences; it cannot stop what it does not recognise.
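Two cheap checks a scanner can apply regardless of file name or signature: read the COFF header to learn whether a blob is a DLL or an EXE (the IMAGE_FILE_DLL characteristic, not the extension, decides that), and measure the entropy of what follows the headers, since a packed body looks close to random. The Python below is an added example for this page, not code from the article; the entropy threshold and the minimal hand-built PE used as input are assumptions made for the demonstration, and the fake PE contains headers only, no code.

```python
import math
import struct

IMAGE_FILE_DLL = 0x2000          # COFF Characteristics bit set on DLLs
PACKED_ENTROPY_THRESHOLD = 7.2   # assumed cutoff; tune against your own corpus


def shannon_entropy(data):
    """Bits per byte: 8.0 is uniformly random, unpacked code is usually well below 7."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def classify_pe(blob):
    """Classify a blob by its PE header, ignoring whatever extension it carries.

    Returns None if the blob is not a PE image, otherwise a dict giving the image
    type and whether the bytes after the headers look packed.
    """
    if len(blob) < 0x40 or blob[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", blob, 0x3C)
    if len(blob) < e_lfanew + 24 or blob[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF file header follows the signature; Characteristics is its last field.
    coff = struct.unpack_from("<HHIIIHH", blob, e_lfanew + 4)
    size_of_optional_header, characteristics = coff[5], coff[6]
    header_end = e_lfanew + 4 + 20 + size_of_optional_header
    body_entropy = shannon_entropy(blob[header_end:])
    return {
        "type": "dll" if characteristics & IMAGE_FILE_DLL else "exe",
        "entropy": round(body_entropy, 2),
        "likely_packed": body_entropy > PACKED_ENTROPY_THRESHOLD,
    }


def build_fake_pe(is_dll, body):
    """Constructed minimal PE (DOS stub + COFF header + body) for the demo."""
    # IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE, plus the DLL bit if asked.
    characteristics = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, characteristics)
    return b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0" + coff + body


if __name__ == "__main__":
    # A "packed" body (every byte value equally common) versus plain NOP-sled-like bytes.
    print(classify_pe(build_fake_pe(True, bytes(range(256)) * 4)))
    print(classify_pe(build_fake_pe(False, b"\x90" * 512 + b"hello world")))
```

A scanner that keys on the extension would skip a payload saved as `.txt` and later loaded by rundll32; parsing the header makes the DLL-versus-EXE distinction the page describes irrelevant to whether the file gets inspected.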

Once running, this version of Locky scans the machine for files to encrypt, usually documents, audio, video and photos, encrypts them and appends the .zepto extension to each file name. Zepto is a member of the Locky family. The whole story shows why Locky is one of the hardest threats to combat right now: its operators regularly change the infection routine. As of writing, no decryptor has been released for it.
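Because the delivery format keeps changing, a detection that keys on the file-encryption stage itself is more durable than one that keys on the downloader. The Python below is an added example for this page, not code from the article or from any endpoint product: it looks for a process that renames many files to one new extension within a short window, which catches .zepto but equally whatever suffix the next variant picks. The event line format and the events themselves are constructed for the demonstration, not telemetry from a real infection.

```python
import os
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed event shape: "<ISO timestamp> <pid> <process> <old path> -> <new path>".
EVENT_RE = re.compile(r"^(\S+) (\d+) (\S+) (.+?) -> (.+)$")

# Constructed sample: one benign save, a six-file burst by rundll32.exe, one benign rename.
SAMPLE_EVENTS = [
    r"2016-06-27T10:15:01 4120 winword.exe C:\Users\ann\draft.docx -> C:\Users\ann\report.docx",
    r"2016-06-27T10:16:02 5572 rundll32.exe C:\Users\ann\Documents\q1.xlsx -> C:\Users\ann\Documents\A1B2C3D4.zepto",
    r"2016-06-27T10:16:02 5572 rundll32.exe C:\Users\ann\Documents\q2.xlsx -> C:\Users\ann\Documents\E5F6A7B8.zepto",
    r"2016-06-27T10:16:03 5572 rundll32.exe C:\Users\ann\Pictures\holiday.jpg -> C:\Users\ann\Pictures\11223344.zepto",
    r"2016-06-27T10:16:03 5572 rundll32.exe C:\Users\ann\Music\song.mp3 -> C:\Users\ann\Music\55667788.zepto",
    r"2016-06-27T10:16:04 5572 rundll32.exe C:\Users\ann\notes.txt -> C:\Users\ann\99AABBCC.zepto",
    r"2016-06-27T10:16:04 5572 rundll32.exe C:\Users\ann\thesis.pdf -> C:\Users\ann\DDEEFF00.zepto",
    r"2016-06-27T10:20:30 2200 explorer.exe C:\Users\ann\photo.tmp -> C:\Users\ann\photo.jpg",
]


def parse_event(line):
    """Parse one rename event; returns None for lines that do not match."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    ts, pid, proc, old, new = m.groups()
    return {
        "ts": datetime.fromisoformat(ts),
        "pid": int(pid),
        "proc": proc,
        "old_ext": os.path.splitext(old)[1].lower(),
        "new_ext": os.path.splitext(new)[1].lower(),
    }


def find_rename_bursts(lines, threshold=5, window_seconds=10):
    """Alert on a process that changes >= threshold files to the same new
    extension within window_seconds. Renames that keep the extension
    (ordinary saves) are ignored, so a single new extension appearing in
    bulk is the signal, not the extension's name."""
    by_key = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev and ev["new_ext"] != ev["old_ext"]:
            by_key[(ev["pid"], ev["proc"], ev["new_ext"])].append(ev["ts"])

    alerts = []
    window = timedelta(seconds=window_seconds)
    for (pid, proc, ext), stamps in by_key.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:   # slide the window forward
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({"pid": pid, "proc": proc, "ext": ext, "count": len(stamps)})
                break
    return alerts


if __name__ == "__main__":
    for alert in find_rename_bursts(SAMPLE_EVENTS):
        print(f"pid {alert['pid']} ({alert['proc']}) renamed {alert['count']} files to {alert['ext']}")
```

Tune the threshold and window to the host: a backup or compression job can legitimately rename many files, so an alert of this kind should be correlated with the parent process (a script host launching rundll32 from a user's temp directory is a different story from a scheduled backup) before anything is killed automatically.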


The New Channels of Ransomware Infection

The DLL method Locky has started using isn't the only unorthodox way of distributing malware. Payloads have also been hidden in Office files, and there are trojans delivered without tricking the user into clicking anything at all, known as no-click trojans. All these distribution tricks have made the scammers millions of dollars in the first half of this year.
The truth is that ransomware is a low-risk, high-reward business. It is hard to locate the operators, let alone identify and arrest them. While the distribution methods are getting more cunning, there is a silver lining: the shift shows that users and the anti-malware industry are getting wiser to the old tricks scammers use to deliver malicious content.


Author : Alex Dimchev

Alex Dimchev is a beat writer for Best Security Search. When he's not busy researching cyber-security matters, he enjoys sports and writing about himself in third person.



Comments

  • Think it would be pretty easy to find them actually... just monitor which of us unemployed geeks are buying $10,000 servers, DeLoreans and funding research for robot legs. I know if I was making a few million a year those are probably things I'd be putting my money into!

    /s (sarcasm) of course, but really I would be buying some of that.

    • Neither would I *wink, wink*. All jokes aside, though, it's still possible to buy serious hardware like that under the radar, especially in Russia and other Eastern Bloc countries.
