Researchers at Proofpoint have previously identified a ransomware virus known as Hades Locker. The virus mimics the ransom note of the notorious Locky ransomware; however, researchers are still not sure whether or not it is Locky.
The researchers believe that Hades Locker also has a connection with two other notorious viruses: MarsJoke ransomware and the CryptFile2 crypto virus. One very strong indicator that Hades Locker may be related to the other viruses is that it also targets organizations, very much like MarsJoke. The difference, however, is that while MarsJoke ransomware primarily targets government organizations, Hades Locker ransomware aims to target businesses.
The spam campaign spreading Hades Locker is not reported to be a large one; instead, it appears to be customized for each infection. Since the virus targets different private organizations, such as manufacturing facilities, it is believed that the cyber-crooks may use a different approach for each organization they target. One instance may be that the crooks obtain the credentials of an employee in the company and use them to send out phishing e-mails or to deliver Hades Locker in another form.
Even though the virus may be a variant of Wildfire Locker due to some key resemblances, it mimics one of the most notorious ransomware viruses, Locky. One of the indicators for this is the similarity between the two ransom notes.
However, malware researchers are convinced that this malware may have nothing to do with the notorious Locky, except that it copies its ransom note. This may be done as a diversion, since victims may try to identify the virus type by the ransom note and be deceived into thinking the malware is Locky. Another theory is that the malware makers may have gotten sloppy and simply did not want to create their own ransom note, which is most often the case.
The bottom line is that ransomware overall is becoming more widespread, and more and more variants are being released, since many instances are being sold in the deep web markets. The bad news, however, is that the viruses are also reported to be spreading through newer and newer methods. Not only this, but targeted attacks are significantly more difficult to defend against, which is why concealed security measures should be implemented so that the attacker has access to as little information as possible and the cyber-attack fails. It is also very important for both organizations and individuals to implement modern data management solutions that will secure their files even after a ransomware attack.