Hackers Replace Ransomware with Dummy File

JMH

Security researchers have discovered that white hat crusaders are substituting versions of ransomware with dummy files.

Avira security expert, Sven Carlsen, explained in a blog post this week that his team discovered the unlikely campaign after downloading a version of what it thought was the Locky ransomware.

“But in place of the expected ransomware, we downloaded a 12kb binary with the plain message ‘Stupid Locky’,” he claimed.

“It seems that someone was able to access one of the command and control servers and replaced the original Locky ransomware with a dummy file. And I do mean dummy in the fullest expression of the word.”

The malware itself is typically hidden inside a malicious email attachment masquerading as an invoice, with users tricked into starting the infection process via classic social engineering.

“The JavaScript inside the attachment is usually obfuscated which means the real content isn’t visible or understandable for the reader,” Carlsen explained.
Hackers Replace Ransomware with Dummy File - Infosecurity Magazine
 
