Today f-secure is reporting that another locky payload server has been hacked. The malicious payload has been replaced with an image that warns not to click on email attachments – although the hacker uses the term ’emails attachment’ – so perhaps their first language is not english:
Locky Payload Replaced with Warning
Earlier this month, researchers at Avira discovered a Locky crypto-ransomware distribution network had been similarly hacked by a grey hat. In that particular effort to disrupt Locky, the hacker replaced the payload with a 12 byte text file – which contained the message “Stupid Locky”.
For information on how to stay safe from ransomware like Locky, read our previous blog post.