Blog

AstraLocker 2.0 infects users directly from Word attachments

AstraLocker 2.0 infects users directly from Word attachments
Userlevel 5
Badge +3
  • Community Manager
  • 24 replies

A lesser-known ransomware strain called AstraLocker has recently released its second major version, and according to threat analysts, its operators engage in rapid attacks that drop its payload directly from email attachments.

This approach is quite unusual as all the intermediate steps that typically characterize email attacks are there to help evade detection and minimize the chances of raising red flags on email security products.

According to ReversingLabs, which has been following AstraLocker operations, the adversaries don't seem to care about reconnaissance, evaluation of valuable files, and lateral network movement.

Instead, they are performing "smash-n-grab" attacks to his immediately hit with maximum force aiming for a quick payout.


0 replies

Be the first to reply!

Reply