<span id="hs_cos_wrapper_post_body" class="hs_cos_wrapper hs_cos_wrapper_meta_field hs_cos_wrapper_type_rich_text" style="" data-hs-cos-general-type="meta_field" data-hs-cos-type="rich_text" ><p><img src="https://cdn2.hubspot.net/hubfs/2548414/Locky.jpg" alt="Locky.jpg" width="454" height="296"></p> <p>Locky, the infamous ransomware plaguing computers worldwide since it was <a href="https://blog.threatstop.com/2016/02/24/locky-not-to-be-confused-with-lucky">first seen early last year</a>, has recently made a comeback after a severe drop in activity over the holiday season. The Necurs botnet, which is Locky's primary distributor, was offline for the final weeks of 2016, equating to an <a href="http://blog.checkpoint.com/2017/01/16/malware-takes-a-christmas-break-in-decembers-global-threat-index/">81% decrease in the number of Locky attacks</a>.</p> <!--more--><p>It appears the Necurs botnet has begun <a href="http://blog.talosintel.com/2017/01/locky-struggles.html">distributing Locky again</a>, though with much less intensity than expected. Even though the volume of Locky spam emails has decreased, the ransomware’s encryption still cannot be broken. The new campaigns also deliver Kovter, a click-fraud malware, which will remain on the system even if the victim pays the ransom for their files.</p> <p>ThreatSTOP customers are protected from Locky and Kovter if they have the TSCritical and TSRansomware targets enabled in their policy.</p></span>
