Reading: Necurs Botnet Resurfaces With Updated Locky and Dridex Versions

Bitcoin

Necurs Botnet Resurfaces With Updated Locky and Dridex Versions

Avatar

Jp Buntinx · @http://twitter.com/jdebunt | Jun 24, 2016 | 05:09

Necurs Botnet Bitcoin

Necurs Botnet Resurfaces With Updated Locky and Dridex Versions

Avatar

Jp Buntinx · @http://twitter.com/jdebunt | Jun 24, 2016 | 05:09

Send
Share

Locky remains one of the biggest ransomware threats to this very date. Now that the Necurs botnet is back, it looks like a new version of Locky Bitcoin ransomware is available as well. A new spam campaign is underway to infect as many computers as possible.

Also read: Pound Crashes as UK Votes to Leave European Union

Roughly three weeks ago, the Necurs botnet suddenly went offline, leaving security researchers puzzled as to what happened to it. This reprieve was rather short-lived, however, as the botnet returned in full force a few days ago. Moreover, it is spreading an improved version of both Locky ransomware and the Dridex banking trojan.

Necurs Botnet Is On The Job

Bitcoinist_Necurs Botnet Dridex Locky

Proofpoint researchers noted how the Necurs botnet started sending out several million spam emails on Monday. All of these emails contain both types of malware, in the hopes of infecting consumer machines and corporate networks all over the world. Ransomware has become far more popular in 2015 than ever before, and it seems like this trend will continue throughout 2016.

Although details are not officially confirmed, security researchers believe Necurs is one of the largest botnets in the world. Threatpost mentioned how there seem to be over 6.1 million infected computers as part of this network.Moreover, this botnet has been instrumental in spreading Dridex and Locky, resulting in US$100,000 to US$200,00 in daily revenue from these malware strains.

Similar to how these spam messages tried to infect users in the past, fake invoice attachments remain the primary method of distribution. Targeted users will receive a generic email containing an invoice which will download Locky or Dridex onto the host computer. Some emails also come with a zip file that contains JavaScript code.

As one would come to expect, the new and improved Locky is even better at avoiding detection. Several new features have been built in by the developers, such as detecting a sandboxed environment and relocation Locky instruction code. Security researchers will have a hard time coming up with new solutions to combat this ransomware moving forward.

What are your thoughts on the Necurs botnet resurfacing? Let us know in the comments below!

Source: Threatpost

Images courtesy of Shutterstock

Tags: , , , ,
Send
Share
Bitcoin

Tim Draper Bets On The Price of Bitcoin With Argentina President

The Rundown Draper Lures Macri With Money For...

Esther Kim | Mar 25, 2019 | 11:00

bitcoin price bubble
Bitcoin

Why Bitcoin is Incomparable to History’s Famous Bubbles

The Rundown ‘Bitcoin is a Completely New...

Allen Scott | Mar 25, 2019 | 08:00

bitcoin price
Bitcoin

Bitcoin Price Posts 5 Weeks Of Consecutive Gains

The Rundown Bitcoin Price on a (Slow) 5-Week Winning...

Esther Kim | Mar 25, 2019 | 06:00

bitcoin price bear
Bitcoin

Bitcoin Price Analysis: Bears Look to Trap Bulls Into Weekly Close

The Rundown Bitcoin price: 4-HOUR CHART1-DAY...

filb filb | Mar 24, 2019 | 15:30

Agustin Carstens BIS
Bitcoin

BIS Chief Doesn’t Want Central Banks To Issue Cryptocurrency

The Rundown BIS: Vested Interest In Legacy...

Emilio Janus | Mar 24, 2019 | 11:00

Bitcoin

Bitcoin Rabbi: Following Jewish Law Similar to Running a Full Node...

Bitcoinist spoke with Michael Caras who calls himself...

Allen Scott | Mar 23, 2019 | 15:00

Show comments