Distributed via spam emails pretending to be complaints from an Internet Service Provider (ISP), a newly observed Locky ransomware variant appends the .AESIR extension to the encrypted files, security researchers reveal.
Ever since it first emerged in February of this year, Locky has been one of the most active ransomware families and has targeted users all around the world. Its operators have been very active in their attempts to bypass security protections and avoid detection, and changing the extension appended to encrypted files has been one of the used methods.
