Informazioni sul sito:

Nome del dominio - locky.it

Titolo del sito - Locky

Vai al sito web - Locky

Posizione GEO del sito

Posizione Paese - Italy

Città/Paese - Arezzo

Fornitore - Aruba S.p.A.

Site Logo

indirizzo IP:

31.11.35.196

Server dei nomi di dominio:

dns.technorail.com dns4.arubadns.cz dns2.technorail.com dns3.arubadns.net

Tutti i record:

☆ locky.it. 3600 IN A 31.11.35.196
☆ locky.it. 3600 IN TXT "v=spf1 include:_spf.aruba.it ~all"
☆ locky.it. 3600 IN MX 10 mx.locky.it.
☆ locky.it. 3600 IN NS dns4.arubadns.cz.
☆ locky.it. 3600 IN NS dns2.technorail.com.
☆ locky.it. 3600 IN NS dns3.arubadns.net.
☆ locky.it. 3600 IN NS dns.technorail.com.
☆ locky.it. 3600 IN SOA dns.technorail.com. hostmaster.locky.it. 2024051601 86400 7200 2592000 3600

Brief facts about locky:

Locky is ransomware malware released in 2016. It is delivered by email with an attached Microsoft Word document that contains malicious macros. When the user opens the document, it appears to be full of gibberish, and includes the phrase "Enable macro if data encoding is incorrect," a social engineering technique. If the user does enable macros, they save and run a binary file that downloads the actual encryption Trojan, which will encrypt all files that match particular extensions. Filenames are converted to a unique 16 letter and number combination. Initially, only the.locky file extension was used for these encrypted files. Subsequently, other file extensions have been used, including.zepto,.odin,.aesir,.thor, and.zzzzz. After encryption, a message instructs them to download the Tor browser and visit a specific criminal-operated Web site for further information. The website contains instructions that demand a ransom payment between 0.5 and 1 bitcoin.

Windows trojans

Ransomware

Cryptographic attacks