Dridex Botnet Has Replaced Banking Trojan with Locky Ransomware

March 10, 2016

It has now become official, and it appears that the Dridex botnet that has been distributing banking trojans for years, has now changed its profile entirely and is spreading ransomware instead.

Initial reports on this topic came from Palo Alto researchers, who at the middle of February noticed that the Dridex botnet has stopped delivering its infamous and highly dangerous banking trojan, of the same name.

Researchers noticed at the time that the botnet’s operators started pushing a new type of ransomware variant, which was later named Locky, after the extension it adds to all the files it encrypts.

Read full story…