We previously warned readers about the Locky ransomware, which is potent and designed to use phishing emails to lure users to click on links and attachments, including pdfs.

Now, researchers at Cylance have discovered that a new Locky variant, known as Diablo6, is a variant of Locky, but much more difficult to detect. According to the researchers, Diablo6 attacks users twice—the first time in the traditional way—through a phishing email, which contains a zip file containing ransomware. When it is opened, the file contains a VBS file which attempts to connect to Locky’s command and control server for instructions.

Then, the VBS script downloads the ransomware. If it fails, a backup command and control server then attempts to download the ransomware again, but it downloads it into a temporary folder before attacking and encrypting files. Once it encrypts the files, a ransom note is placed on the user’s screen, and the encryption script self-destructs. UGH!

What does this mean? Locky continues to be one of the most vicious ransomwares out there. Ransomware continues to be a huge problem for all industries, and employers would do well to keep their employees attuned to these attacks that can bring companies to their knees.

[View source.]