Category Archives: Locky

You are here:

Home
Category "Locky"

Locky Actors Adopt QTLoader to Deliver Ransomware

LockyBy precisionsec November 1, 2017

Starting October 19, 2017, the actors behind Locky distribution started using a new loader to drop their Ransomware. The new loader has been dubbed QTLoader or QTBot based on some strings and registry keys used by the malware. The use of the so-called QTLoader coincided with the adoption of the DDE AUTO feature of Office…

Locky Ransomware Actors Adopt DDE Technique to Deliver Malware

LockyBy precisionsec October 19, 2017

The actors behind the Locky Ransomware family have adopted the recent highly publicized Dynamic Data Exchange (DDE) protocol vulnerability to deliver their malware. The DDE technique has been around for some time, but it was recently brought to attention by the people over at SensePost on October 9, 2017. The technique essentially allows for code…