It seems that cybersecurity villains have drawn some inspiration from Wild West adventures in recent days, the latest attacks being the devastating looting currently being carried out by the new ransomware Locky. Stormshield Endpoint Security – malware’s Lucky Luke – takes another look at the emergence of Locky and explains how you can prevent the attack without delay.
The Daltons of Ransomware are Dreaming Big with Macros
While the legendary bandit Dridex rides a Trojan horse to steal the IDs of people who use online banking services, Locky isn’t going to be outdone. It uses a similar attack technique: you receive – generally by email – an invoice in the form of a Microsoft Word document that includes a macro. Not being too suspicious, you open the document and the attack launches. Locky encrypts the files on your computer and – sometimes – on your entire network, then demands a ransom from you in return for the key to decrypt your files.
Stop the Hold-Up in Your Company
Numerous individuals and companies have already been affected by these cyber hold-ups – and this is only the beginning for the up-and-coming ransomware Locky.
One prime example is a $17,000 ransom that was demanded from a U.S. hospital center to restart its information system. Another example is a particularly effective campaign in France that sends its victims an invoice in the name of the operator Free Mobile. Some information security sheriffs suspect that Dridex and Locky form part of the same mafia-like network and have identified 400,000 sessions that install Locky on the system with the same kind of macro loader that Bartallex uses for Dridex.
Fortunately, at Stormshield, we’re used to the Wild Wild West and don’t leave anything to chance. Where the antivirus troops and their basic signature analysis solutions fail, we innovate to overpower the enemy. So, thanks to its proactive suspicious behavior detection system, customers of Stormshield Endpoint Security, the cyber cowboy, have long since been safe from both the Dridex malware and its new cousin Locky.
Not a customer yet? Contact us for more information: mkt-contact@stormshield.eu