A new version of the Locky ransomware is now available and can end up installed disguised as DLL files.
The Locky ransomware continues to evolve. The latest change is an update to how Locky reaches its victims and how the encryption process starts.
The latest Locky versions drop DLL files on infected computers, instead of EXE files, said researchers at cyber security provider Cyren. The rest of the infection chain remains as we know it.
This file injects into a process, and its malicious code executed, which starts the file encryption operation. Another new feature is this DLL file uses a custom packer to prevent anti-malware scanners to easily detect it.
This version locks files and appends the .zepto extension at the end, meaning this a version of the Zepto ransomware, another name for Locky.