IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Locky ransomware continues to bypass security

XORed JavaScript used to evade detection

Red skull and crossbones atop binary code

Hackers looking to plant Locky ransomware on victim's systems are using XOR obfuscation and reversing the bytes on the payloads to evade detection by network security tools.

According to investigations by security firm Proofpoint, the use of malware loaders such as RockLoader paired with the usage of malicious Javascript files has allowed Locky to remain a top threat among email distributed ransomware.

Researchers at the firm recently observed a Locky distributor embarking on further efforts to make their ransomware more elusive and effective.

"These campaigns continue to demonstrate the trend of threat actors shifting delivery mechanisms and adding new layers of obfuscation and evasion to bypass security defences. In the example above, the initial payload was actually the RockLoader malware loader which then attempted to install Locky from a sophisticated command and control (C&C) architecture," researchers at Proofpoint said in a blog post.

XOR obfuscation disguises the code of the malicious ransomware as something that makes looks like it was part of the original binary code.

"Last week, though, we observed one Locky actor (affiliate ID 1) begin using XOR obfuscation and reversing the bytes on the payloads to evade detection by network security tools," said the researchers.

This technique has been proven to be fast and effective, which has made it a popular choice among threat actors.

"While this type of obfuscation can be particularly effective against network security products that primarily scan executables entering the network, they can also be used for sandbox evasion," they said.

The researchers recommended that users have layered forms of security to counteract the techniques of Locky, especially since it is harder than ever to be detected.

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Cloud security market to hit $106 billion by 2029
cloud computing

Cloud security market to hit $106 billion by 2029

11 Apr 2022
Alkira offers Check Point CloudGuard Security to secure virtual cloud networks
Cloud

Alkira offers Check Point CloudGuard Security to secure virtual cloud networks

29 Sep 2021
Iboss protects web sessions with remote browser isolation
Cloud

Iboss protects web sessions with remote browser isolation

16 Aug 2021

Most Popular

How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Samsung proposes 11 Texas semiconductor plants worth $191 billion
Hardware

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
Should you take your password manager off the internet?
Sponsored

Should you take your password manager off the internet?

28 Jul 2022