Locky/Zepto developers switch to DLL for the ransomware installation

The developers of Locky/Zepto ransomware have been refining their creation for quite some time, pushing themselves to the limit for one outcome: easy cash. They already employ the strongest AES and RSA encryption algorithms to lock the files they find on an infected computer, making them virtually inaccessible and forcing victims to pay for decryption. The hackers have also protected themselves from being caught red-handed by setting up an anonymous payment system. But the success of an infiltration depends largely on the initial installation of the program, and many things can ruin the criminals' plan at that stage. For instance, the program may fail to install because of connection problems, or it may be terminated by antivirus software. So the cyber criminals are constantly looking for ways to make installation work as smoothly as possible.

Recently, virus researchers have spotted a change in the Locky/Zepto setup. The program now appears to use a dynamic-link library (DLL) to install itself on computers. This makes the virus much more difficult to track once it is in the system, primarily because executable blockers and antivirus programs usually ignore rundll32.exe processes: rundll32.exe is not normally regarded as a threat. By using a DLL, Locky/Zepto can therefore infect a computer much more easily. This suggests that the virus creators are still ambitious and are not planning on backing out. For us users, it signals a need for stronger data protection. Since ransomware viruses are only going to grow more dangerous and find new ways to bypass antivirus protection, we urge you to create backup copies of your valuable data, as it is by far the most reliable way to keep your files safe. If you need recommendations on backups, you can find them here.
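Because the DLL is started through rundll32.exe, detection has to look at what rundll32.exe was asked to load rather than at the process name. The following is an added example, not code from the article or from any product: it checks process-creation events for rundll32 launches that look unusual. The directory list, the parent-process list, the extension check and the sample events are assumptions constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Assumed heuristics (not from the article): directories a standard user can
# write to, and parent processes that rarely have a reason to start rundll32.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\users\\public\\")
SCRIPT_PARENTS = {"wscript.exe", "cscript.exe", "powershell.exe", "winword.exe"}

# rundll32.exe <dll>,<export> [args]; the DLL path may be quoted.
CMD_RE = re.compile(
    r'rundll32(?:\.exe)?"?\s+(?:"(?P<q>[^"]+)"|(?P<u>[^\s,]+))\s*,\s*(?P<export>\S+)',
    re.IGNORECASE,
)

class Finding(NamedTuple):
    dll: str
    export: str
    reasons: tuple

def inspect_event(parent: str, cmdline: str) -> Optional[Finding]:
    """Return a Finding when a rundll32 launch looks suspicious, else None."""
    m = CMD_RE.search(cmdline)
    if not m:
        return None
    dll = m.group("q") or m.group("u")
    low, reasons = dll.lower(), []
    if any(d in low for d in USER_WRITABLE):
        reasons.append("dll in user-writable path")
    if not low.endswith((".dll", ".cpl")):
        reasons.append("unusual module extension")
    if parent.lower().rsplit("\\", 1)[-1] in SCRIPT_PARENTS:
        reasons.append("script or document parent")
    return Finding(dll, m.group("export"), tuple(reasons)) if reasons else None

# Constructed sample events: (parent image, child command line).
SAMPLE_EVENTS = [
    (r"C:\Windows\explorer.exe",
     r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL desk.cpl"),
    (r"C:\Windows\System32\wscript.exe",
     r'"C:\Windows\System32\rundll32.exe" "C:\Users\alice\AppData\Local\Temp\sample.dll",entry'),
    (r"C:\Windows\explorer.exe",
     r"rundll32.exe C:\Users\alice\Downloads\update.tmp,start"),
]

def scan(events):
    """Return the findings for every suspicious rundll32 launch in events."""
    return [f for f in (inspect_event(p, c) for p, c in events) if f]
```

In practice the parent image and command line would come from process-creation logging, and each finding is a lead to review rather than a verdict.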

About the author
Lucia Danes - Virus researcher

Lucia is a News Editor for 2spyware. She has long experience working in the malware and technology fields.
