back to article Suck on this: White hats replace Locky malware payload with dummy

Pranksters have infiltrated the control system behind the infamous Locky ransomware and replaced the malware’s main payload with a dummy file. Locky normally spreads using malicious and disguised JavaScript inside email attachments supposedly containing an invoice or similar. Malicious messages are sent to prospective marks in …

  1. Doctor Syntax Silver badge

    So one distribution route gets de-fanged and what does an anti-virus company do? Warn the malware slingers so they discover it a little sooner than they might otherwise have done.

    The blog is headed "I'm with Stupid".

    1. Mark 85

      Doesn't make sense does it? Except in a publicity type of way. This is one of those things where someone should have kept their mouth shut as I'm sure the miscreants have dropped that C&C server like a hot coal and went somewhere else... probably more hidden.

  2. M7S

    Technically what they've done is a crime in many jurisdictions

    "unauthorised access to a computer" or somesuch.

    I for one, however, would applaud them in this instance.

    In the absence of a decent "gin and tonic" icon, I suppose a virtual pint is the best we can offer these virtuous operators.

    1. Jimbo 6

      Re: Technically what they've done is a crime in many jurisdictions

      IANAL, but... most jurisdictions have some variant of 'force majeure' exemption, e.g.

      - Smashing someone's car window is a crime

      - Smashing someone's car window because they're trapped inside and dying is not a crime

      1. DiViDeD

        @Jimbo 6 Re: Technically what they've done is a crime in many jurisdictions

        - Smashing someone's car window because they've been using it as a getaway vehicle, grey area, allegedly

        But I'd still buy em a pint or 12

    2. allthecoolshortnamesweretaken

      Re: Technically what they've done is a crime in many jurisdictions

      Yep. I'd buy them a couple of rounds.

    3. Doctor Syntax Silver badge

      Re: Technically what they've done is a crime in many jurisdictions

      Maybe the owners of the server will make a complaint to the local police.

  3. Phil W


    "If this happens it’s normally impractical to recover scrambled files without paying crooks a fee"

    Unless, you know, you take regular back ups of your valuable and irreplaceable data like a sensible person. Unfortunately when it comes to the security of their data far too many people are not sensible, but in an ideal world the only data lost should be that created between the last backup and the time the ransomware hit.

  4. TRT Silver badge

    Shame that they didn't...

    just encrypt all of the bad guy's files. And then offer to unlock them again for a suitable fee.

    1. Loyal Commenter Silver badge

      Re: Shame that they didn't...

      One would hope that they put some logging in place on the C&C server to audit who connects, and when to trace those responsible for setting it up.

    2. Privatelyjeff

      Re: Shame that they didn't...

      That's what I was thinking. Or find some way to get into the computer of the person that runs the network, steal what they needed to ID them, then steal their Bitcoins, then encrypt their system with a different type of encryption and destroy the key.

  5. Alistair

    That header pic

    <infant in white>

    That child has a massive future in politics, if they can keep that expression working.

  6. Locky

    I clasify this as

    Workplace bullying....

  7. Jeffrey Nonken

    Huh. So THAT'S what's in all those messages I've been ignoring.

  8. oneeye

    And why the heck aren't the AV companies able to block and warn about these things if they can detect the substitute messages? Seems most people are paying for nothing if AV is always running behind the game.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like