White Hat Hacker Hacks Dridex Malware
Posted by: Timothy Weaver on 05/10/2016 10:50 AM
A white hat hacker has broken into the command-and-control server for the Dridex malware and removed the payload. He or she then left a message reading "Stupid Locky."
Dridex is the name of a banking trojan that has been wreaking havoc among users in recent years. The most recent malware that Dridex operators started distributing is called Locky, and it is one of today's most complex and most prevalent ransomware variants.
Avira security has noticed a downturn in the number of Locky infections. It appears to be the result of the ransomware being delivered as a malformed binary file. The security firm thinks that someone hacked the Dridex botnet once again and intentionally replaced the Locky ransomware payload with this harmless file.
Avira's Sven Carlsen noted: "I don’t believe that cybercriminals themselves would have initiated this operation because of the potential damage to their reputation and income stream. I also wouldn’t say that “Locky is dead” after this operation. But after the examples of Dridex and now Locky, it shows that even cybercriminals, masters of camouflage, are also vulnerable."
Source: SoftPedia