IT-säkerhet Teknik

Lockdown Locky ransomware

Locky is the latest in an ever increasing range of ransomware threats used by cyber criminals in an expanding and increasingly lucrative market. What makes Locky special is that it appears to have come from the same group behind several large Dridex campaigns showing that they are possibly diversifying their range of attacks.

The Locky strain has been observed in the Avecto malware labs and by other researchers spreading via Word documents attached to phishing emails. These typically look like invoices and come from a variety of domains. So far, the campaign seems to be very successful and well-orchestrated with a global impact across all industries.

Locky11.jpg
Figure 1: Locky Phishing Email

When the user enables the macros in the malicious document the Locky malware executable is dropped in the user’s temporary directory and executed. This then renames and encrypts all the users documents, changes their wallpaper to a ransom demand and will also attempt to silently delete backup shadow copies of the filesystem.

Locky21.jpg
Figure 2: Locky Ransom Demand

The problem for traditional security solutions trying to prevent threats such as Locky is they are reliant on detecting it to prevent it. Even if a detection solution could detect 99 out of 100 threats it only takes 1 instance of Locky to go unnoticed to inflict serious damage. In the case of Locky it took most AV vendors days to catch up.

So h

So how can RansomCare help?

Watch how RansomCare stops real-time ransomware attacks and prevents an outbreak in this 4 min video.

 Learn more about RansomCare

 

Tobias Wedin

Tobias är Pre Sales Engineer med inriktning på säkerhet på Inuit.

tobias.wedin@inuit.se

Prenumerera på bloggen

Håll koll på senaste nytt genom att prenumerera. Vi levererar nyheterna direkt i din inkorg!