Locky Ransomware Mimicked by Hades Locker Virus - How to, Technology and PC Security Forum | SensorsTechForum.com

Locky Ransomware Mimicked by Hades Locker Virus

hades-locky-sensorstechforumResearchers at Proofpoint have previously identified a ransomware virus, known as Hades Locker. The virus mimics the notorious Locky ransomware’s ransom note; however, researchers are still not convinced whether or not this is Locky.

The researchers believe that the HadesLocker also has a connection with two other notorious viruses – MarsJoke ransomware and CryptFile2 crypto virus. One very strong indicator that Hades Locker may be related to the other viruses is that it also targets organizations very much like MarsJoke. The difference, however, is while MarsJoke ransomware targets primarily government organizations, Hades Locky ransomware aims to target businesses.

To spread and cause successful infections, HadesLocker uses the conventional ransomware spreading technique – via corrupted e-mails. Emails that have attachments or URLs which link to a .doc file that causes the infections. Usually, the malicious Microsoft Office documents are believed to cause an infection via either malicious macros or JavaScript.

The infection spam campaigns by Hades Locker is not reported to be a big one, but more custom for every infection instead. Since the virus targets different private organizations, like manufacturing facilities, it is believed that cyber-crooks may use different approaches for organizations that they target. One instance may be if the crooks obtain access to credentials of one of the employees in the company and use them to send out phishing e-mails or the HadesLocker in another form.

Even though the virus may be a variant of Wildfire Locker due to some key resemblances, it mimics one of the most notorious ransomware viruses – Locky. One of the indicators for this is the similarity in the two ransom notes as shown below:


However, malware researchers are convinced that this malware may have nothing to do with the notorious Locky, except that it copies it’s ransom note. This may be done as a diversion since victims may look for the virus type by the ransom note and be deceived into thinking the malware is Locky instead. Another theory is that the malware makers may have gotten sloppy and simply did not want to create their ransom note which is most often the case.

The bottom line is that ransomware in overall is becoming more widespread and more and more variants are being released since many instances are being sold in the deep web markets. The bad news, however, is that the viruses are also reported to be spreading in newer and newer methods. Not only this, but targeted attacks are significantly difficult to defend against which is why security measures that are concealed should be implemented so that the attacker is restricted to as much information as possible and the cyber-attack fails. Also, it is very important for organizations and individuals both to implement modern data management solutions that will secure their files even after a ransomware attack.


Ventsislav Krastev

Ventsislav has been covering the latest malware, software and newest tech developments at SensorsTechForum for 3 years now. He started out as a network administrator. Having graduated Marketing as well, Ventsislav also has passion for discovery of new shifts and innovations in cybersecurity that become game changers. After studying Value Chain Management and then Network Administration, he found his passion within cybersecrurity and is a strong believer in basic education of every user towards online safety.

More Posts - Website

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share