The cybercriminals behind the Locky ransomware attacks are upping their game by using an application linking feature in Windows to hit even more victims without being immediately noticed.

According to an advisory from the Internet Storm Center, the new variant of Locky ransomware exploits Microsoft’s Dynamic Data Exchange (DDE), a long-standing Windows mechanism that lets applications such as the Office programs exchange data and requests with one another through shared memory.

Locky Adopts DDE Hijacking Tactics

As in earlier campaigns, the fraudsters created phony invoices laden with malicious links and distributed them via the Necurs spambot. Because they used DDE, the threat actors did not have to employ macros to download malware from a remote server.

The Locky malware self-destructs once the ransomware attack succeeds, at which point the cybercriminals demand payment in bitcoin. Besides DDE, according to SecurityWeek, Locky is being disseminated via Visual Basic scripts and in archives such as RAR files containing VBS, JSE and JS scripts. This variety of techniques makes the threat much more difficult for security experts to track.

DDE is hardly a new feature from Microsoft, dating back to the late 1980s. BankInfoSecurity pointed out that potential dangers associated with DDE include the ability for cybercriminals to instantly execute links in a document once a victim opens it.

Microsoft offered an alternative several years ago called Object Linking and Embedding (OLE) but continues to support DDE because it is a part of legacy versions of Office products. Though the company has been informed about the risks, it maintained that the issues with DDE do not technically represent a bug.

Predicting Locky Ransomware’s Next Move

Threatpost reported that the only way to avoid the issue entirely is to go into the settings of Office applications and ensure that they don’t automatically update links. Moreover, because DDE is a legitimate feature rather than an exploit of a flaw, abuse of it is less likely to be stopped by traditional antivirus or security scanning systems.
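Since DDE fields are ordinary Word features that signature scanners tend to wave through, a defender has to inspect the field codes inside the document itself. The following is an added example, not code from the article or any of the outlets it cites: it unpacks a .docx, reassembles each field instruction (including one split across several runs) and reports any that begin with DDE or DDEAUTO; the sample document, its placeholder program name and arguments are constructed for the test.

```python
import io, re, zipfile
import xml.etree.ElementTree as ET
NS = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
W = "{" + NS + "}"
# Field instructions that start with DDE or DDEAUTO invoke Word's DDE client; DDEAUTO fires on open.
DDE_FIELD = re.compile(r"^\s*DDE(?:AUTO)?\b", re.IGNORECASE)
def field_instructions(part_xml: bytes) -> list[str]:
    """Return every complete field instruction in one WordprocessingML part."""
    root = ET.fromstring(part_xml)
    found = [el.get(W + "instr", "") for el in root.iter(W + "fldSimple")]
    # Complex fields spread the instruction over instrText runs between begin/end fldChar
    # markers; reassemble them so an instruction split as "DDEA" + "UTO" is not missed.
    depth, buf = 0, []
    for el in root.iter():
        if el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                depth += 1
            elif kind == "end" and depth > 0:
                depth -= 1
                if depth == 0:
                    found.append("".join(buf))
                    buf = []
        elif el.tag == W + "instrText" and depth > 0:
            buf.append(el.text or "")
    return found
def find_dde_fields(docx_bytes: bytes) -> list[str]:
    """Scan every XML part under word/ (body, headers, footers) for DDE field codes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if name.startswith("word/") and name.endswith(".xml"):
                hits += [i.strip() for i in field_instructions(zf.read(name)) if DDE_FIELD.match(i)]
    return hits
def build_sample_docx(paragraph_xml: str) -> bytes:
    """Constructed test input: a zip holding only word/document.xml, enough for the scanner."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w") as zf:
        zf.writestr("word/document.xml", f'<w:document xmlns:w="{NS}"><w:body><w:p>{paragraph_xml}</w:p></w:body></w:document>')
    return out.getvalue()

# Constructed sample: a harmless DATE field plus a DDEAUTO field split across two runs; the
# placeholder program and arguments stand in for whatever a real lure would launch.
SAMPLE_PARAGRAPH = (
    '<w:fldSimple w:instr=" DATE \\@ &quot;d MMMM yyyy&quot; "/><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DDEA</w:instrText></w:r>'
    '<w:r><w:instrText>UTO "PLACEHOLDER_PROGRAM" "PLACEHOLDER_ARGS"</w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r><w:r><w:fldChar w:fldCharType="end"/></w:r>'
)
```

Running `find_dde_fields` over a real attachment captured at the mail gateway gives a list of offending field instructions, which is empty for documents that only use benign fields such as DATE or PAGE.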

Ransomware attacks from Locky will likely take many forms and target widely used applications such as Microsoft Word. Hijacking DDE may just be a taste of what’s yet to come.
