fast-adapting ransomware, solid encryption, big-name victims, and a bit of paranoia over whether current security software was actually able to stop this threat.
It was a bad situation. Even worse, think about this from the perspective of an ambitious cybercriminal flogging and distributing some other, less effective malware:
1. You get jealous.
2. You look around at other options.
3. You rebrand your product so it includes those hot emotional triggers of FUD (Fear, Uncertainty, and Dread) along with a message from the Authorities that can calm a reader's emotional anxiety.
The result is a phishing message that purportedly comes from the Bundeskriminalamt – the German criminal investigation police. And while the letter says it is providing a Locky removal kit, it actually delivers a downloader for Trojan banker malware. “They are just trying to use the paranoia after Locky to infect users with another malware,” says Oscar Anduiza, malware analyst at Avira.
Is there no code of honor among these thieves?
While the packaging of this email is quite timely, the malware itself is not unique. You could even say it is “known malware in a new wrapper,” he points out. Regardless of its new phishing appearance, Avira has been detecting it from the very beginning. Here is the icon of the fake tool.
Unlike Locky, this will not encrypt your files. But it will try to do the following:
So what can we learn from this situation: