Domain and website information:
locky.it
Domain name - locky.it
Site title - Locky
Site GEO location
Country - Italy
City/Town - Arezzo
Provider - Aruba S.p.A.
IP address:
Domain name servers:
dns.technorail.com dns4.arubadns.cz dns2.technorail.com dns3.arubadns.net
All records:
☆ locky.it. 3600 IN A 31.11.35.196
☆ locky.it. 3600 IN TXT "v=spf1 include:_spf.aruba.it ~all"
☆ locky.it. 3600 IN MX 10 mx.locky.it.
☆ locky.it. 3600 IN NS dns4.arubadns.cz.
☆ locky.it. 3600 IN NS dns2.technorail.com.
☆ locky.it. 3600 IN NS dns3.arubadns.net.
☆ locky.it. 3600 IN NS dns.technorail.com.
☆ locky.it. 3600 IN SOA dns.technorail.com. hostmaster.locky.it. 2024051601 86400 7200 2592000 3600
Brief facts about locky:
Locky is ransomware malware released in 2016. It is delivered by email with an attached Microsoft Word document that contains malicious macros. When the user opens the document, it appears to be full of gibberish, and includes the phrase "Enable macro if data encoding is incorrect," a social engineering technique. If the user does enable macros, they save and run a binary file that downloads the actual encryption Trojan, which will encrypt all files that match particular extensions. Filenames are converted to a unique 16 letter and number combination. Initially, only the .locky file extension was used for these encrypted files. Subsequently, other file extensions have been used, including .zepto, .odin, .aesir, .thor, and .zzzzz. After encryption, a message instructs them to download the Tor browser and visit a specific criminal-operated Web site for further information. The website contains instructions that demand a ransom payment between 0.5 and 1 bitcoin.