November 14, 2017 — 10 min read
Locky Empire Strikes Back
Locky is one of the most widespread and active ransomware families on the malicious threats landscape. There is a new version that just appeared a couple of days ago. It’s being delivered by the Necurs botnet through SPAM emails containing Microsoft Word macros exploiting the Microsoft’s Dynamic Data Exchange (DDE). DDE is a Windows feature that handles the electronic transfer of MS Office files using shared memory and data.