Have you opened any invoice attachments lately? Now, there’s a new ransomware called Locky Ransomware that’s joined the ranks of viruses like CryptoLocker and CryptoWall. This latest malware threat was detected just last week and already, it’s spread at an alarming rate, employing sophisticated social engineering tactics and bypassing antivirus (AV), spam filtering and web filtering solutions. According to Dark Reading, Kevin Beaumont, one of the first security researchers to unearth Locky, revealed he had seen “around 4,000 new infections per hour, or roughly 100,000 per day.”


What is Locky?

Locky is the latest strain of ransomware that uses two forms of social engineering to encrypt files, filenames and unmapped network shares.

How is Locky Installed?

Like its ransomware predecessors, Locky relies on email phishing to successfully install. So far, experts report that hackers email victims a fake invoice, hoping they’ll download the malicious attachment. Bleeping Computer has already warned readers to watch out for emails with subjects similar to ATTN: Invoice J-98223146. As we know, hackers use social engineering to convince targets they’re trustworthy by appearing legitimate when communicating online or over the phone. For now, Locky can’t be successfully launched without getting the victim to comply. After examining the sophistication of the text in the body of the Locky email, it’s easy to see how attackers are able to gain buy-in. See the following screenshot of the email message taken from Lawrence Abrams’s incredibly helpful article:

locky-email-message-taken-from-bleeping-computer.png

image source: http://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares/

 

What Happens When Locky is Installed?

Once installed,, Locky encrypts your data and changes filenames to be indecipherable. It’s worth noting that a wide array of file extensions are compromised in the process, including videos, images, documents and source code. Not only that, but as a Naked Security by Sophos article explains, Locky “scrambles any files in any directory on any mounted drive that it can access, including removable drives that are plugged in at the time, or network shares that are accessible, including servers and other people’s computers, whether they are running Windows, OS X or Linux.” 

Locky wouldn’t be classified as ransomware if it didn’t demand some form of Bitcoin payment to decrypt the affected files. Once infected, victims’ desktop wallpapers are changed, displaying the following ransom payment process instructions:

locky-wallpaper-640.png

image source: https://nakedsecurity.sophos.com/2016/02/17/locky-ransomware-what-you-need-to-know/

 

What Preventative Steps Must You Take?

1. Make sure your system has the right Antivirus and Antimalware software installed for endpoint security so that they can catch Locky and other ransomware early.

2. Monitor your systems for suspicious behavior such as pop-ups or an abnormal rate of file changes.

3. Update your systems with critical vendor releases and patches regularly. While this may not directly stop Locky, it’s a best practice for malware prevention in general because it corrects vulnerabilities in desktop applications that hackers can exploit.

4. Implement a proper firewall to protect your network at the gateway level and block harmful files from reaching your network.

5. Make sure your IT company knows how to deal with ransomware and related items, and is taking the proper precautions to protect you.

6. Most importantly, leverage the right backup and disaster recovery (BDR) solution and back up regularly.

What Role Does Backup Play in Locky Risk Mitigation?

This last preventative step is a point we can’t emphasize enough! The only way to get corrupted data back without paying the ransom, which ranges from at least 0.5 to 2 Bitcoins ($208 to $800), is through your most recent backup. If you don’t already recognize the absolute necessity of backup to protect and restore client data from all instances of data breaches and data loss, consider the fact that Locky deletes any existing Volume Snapshot Service (VSS) files and encrypts network-based backup files. Evade this trap, and choose a business grade BDR solution that lets you efficiently back up encrypted data offsite to a secure, trusted public cloud. It’s your only failsafe when ransomware like Locky strikes. 

What If I’m Not Protected or Not Sure About My IT’s Abilities?

Contact our team to schedule your Free No Obligation Network Assessment and to learn more about how we protect our clients on a daily basis, and how you can also be provided with IT peace of mind and take yur IT to the next level.

 

 

 

 
Article Source: http://bit.ly/1RWmZqo

Menu