.Lnk embedded PowerShell command – Computer Security Articles

Cybercriminals are using a combination of improved script and well-maintained download sites in trying to install Locky and Kovter on more computers. A few months ago, we reported an email campaign distributing .lnk files with a malicious script that downloaded Locky ransomware on target computers. Opening the malicious .lnk files executed a PowerShell script that…

Microsoft Security

The new .LNK between spam and Locky infection

January 23, 2017 admin .LNK between spam and Locky, .Lnk embedded PowerShell command, .Lnk embedded PowerShell script, .LNK spam spreads Locky infection, Antimalware research for IT pros and enthusiasts, email spam, Locky ransomware, Nemucod and Locky, Ransom:Win32/Locky, ransomware, spammed .Lnk spreads Locky, Trojan, TrojanDownloader:PowerShell/Ploprolo.A, Windows Defender, Windows Defender ATP, Windows Defender in Windows 10

Just when it seems the Ransom:Win32/Locky activity has slowed down, our continuous monitoring of the ransomware family reveals a new workaround that the authors might be using to keep it going. The decline in Locky activity can be attributed to the slowdown of detections of Nemucod, which Locky uses to infect computers. Nemucod is a…