The most popular ransomware of 2016 is still alive and well in 2017. New variants of Locky—Diablo and Lukitus—surfaced this past August using the same the initial phishing email attack vector. The emails contain a zipped attachment with malicious JavaScript that downloads the Locky payload. Most of the emails pose as fake invoices from companies such as Amazon Marketplace and Herbalife. More recently, the ransomware has been spotted using an email distribution campaign with Game of Thrones references in its scripting variables. Inception: February 2016; Attack vector: Spam Email

LeVar Battle

About the Author

LeVar Battle

Senior Communications Manager

LeVar Battle has produced content for healthcare and technology for more than 10 years. He is now a corporate communications and social media manager for Webroot leading the blog editorial and social media team.