The New and Reproved Ransomware
Recently, a new variant of the notorious Locky ransomware, IKARUS dilapidated, has become part of a large-scale email-based campaign. The attack is gaining traction because it is able to slip past the defenses of some unsuspecting companies. On August 9, the first wave of a worldwide ransomware attack was detected. This massive campaign delivered 62,000 phishing emails carrying the newly discovered Locky variant.
Locky is a common type of ransomware that emerged in 2016 and has since been used in a wide range of cyber attacks. This new Locky variant is still spreading, sent from more than 11,625 distinct IP addresses in 133 different countries (the top five being Vietnam, India, Mexico, Turkey and Indonesia).
What you need to know!
Here’s what you need to know about this new ransomware and how you can ensure that your business network remains protected against it.
- The main way the new variant spreads is through social engineering: the trickery of the phishing attempt. Through phishing emails, users are tricked or induced into opening a docx, pdf, jpg, zip or other file.
- The file presented in the phishing email should not be opened because it contains the “IKARUS dilapidated” ransomware. The name comes from a phrase that appears in the hidden code. If the user opens the attached file, the ransomware takes over.
- At that point, all files that match particular extensions are encrypted. The encrypted files are then renamed to a unique 16-character combination of letters and numbers with the .locky file extension.
- After the files are completely encrypted, users are given instructions for downloading a Tor browser and directed to a site on the dark web where the cyber criminals demand a ransom payment of up to one bitcoin (which equates to over $4,000).
- Many protection solutions have been updated to detect Locky ransomware generally. However, this variant is able to slip past detection tools because it is so new.
- As a new ransomware variant, it is classified as an “unknown file” and is allowed entry into the system.
- Those organizations using a “default-deny” security posture would not be as affected. Default-deny denies entry to all unknown files until it is verified that they are safe to enter the IT infrastructure.
- Organizations not using default-deny allow the unknown file to enter the network. Because the system treats the file as merely unknown rather than malicious, the infection is harder to detect.
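The renaming behavior described above gives defenders something concrete to watch for even when the executable itself is not yet recognized. The following is an added example, not code from Alliant, Webroot or the Locky analysis: it scans file-creation events for names matching the post's description (16 letters or numbers plus the .locky extension, an assumed regex) and raises an alert when several such files appear within a short window, which is the mass-rename signature of an encryption run. The event list is constructed sample data.

```python
import re
from datetime import datetime, timedelta

# Assumed from the post's description: a 16-character letter/number name with
# the .locky extension. Adjust if observed samples use a different layout.
LOCKY_NAME = re.compile(r"^[A-Za-z0-9]{16}\.locky$")

# Constructed sample of file-creation events (ISO timestamp, full path).
# Not real telemetry; the burst of .locky files models an encryption run.
SAMPLE_EVENTS = [
    ("2017-08-09T10:01:02", r"C:\Users\alice\Documents\budget.xlsx"),
    ("2017-08-09T10:05:10", r"C:\Users\alice\Documents\A1B2C3D4E5F60718.locky"),
    ("2017-08-09T10:05:11", r"C:\Users\alice\Documents\F0E1D2C3B4A59687.locky"),
    ("2017-08-09T10:05:11", r"C:\Users\alice\Pictures\0123456789ABCDEF.locky"),
    ("2017-08-09T10:05:12", r"C:\Users\alice\Pictures\FEDCBA9876543210.locky"),
    ("2017-08-09T10:05:13", r"C:\Users\alice\Desktop\report.docx"),
    ("2017-08-09T11:30:00", r"C:\Users\alice\Documents\notes.txt"),
]


def is_locky_name(path):
    """True if the file name part of `path` matches the .locky rename pattern."""
    name = path.replace("\\", "/").rsplit("/", 1)[-1]
    return bool(LOCKY_NAME.match(name))


def locky_bursts(events, window_seconds=60, threshold=3):
    """Return [(first_timestamp, count), ...] for every window of
    `window_seconds` in which at least `threshold` .locky files were created.

    A single .locky file could be a stray artifact; a burst of them in a few
    seconds is the signature of files being encrypted and renamed in bulk.
    """
    hits = sorted(datetime.fromisoformat(ts) for ts, p in events if is_locky_name(p))
    alerts = []
    i = 0
    while i < len(hits):
        # Extend the window as far as events stay within window_seconds of hits[i].
        j = i
        while j + 1 < len(hits) and hits[j + 1] - hits[i] <= timedelta(seconds=window_seconds):
            j += 1
        count = j - i + 1
        if count >= threshold:
            alerts.append((hits[i].isoformat(), count))
            i = j + 1          # skip past the window we just reported
        else:
            i += 1
    return alerts


if __name__ == "__main__":
    for first_ts, count in locky_bursts(SAMPLE_EVENTS):
        print(f"ALERT: {count} .locky files created starting {first_ts}")
```

In practice the event list would come from file-audit logging or an endpoint agent's file-creation telemetry; the thresholds are deliberately low so a host can be isolated after only a handful of renames, before the bulk of the data is encrypted.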
For our customers enjoying the security services Alliant provides, it is still vital that you properly educate your employees to minimize the serious risk at hand. Alliant provides Webroot which protects against these kinds of attacks. Webroot uses real-time anti-phishing capabilities to protect against initial phishing emails and phishing sites. Should you be uncertain whether you have signed up for Webroot or have any further questions about ensuring protection against this new variant, please give Alliant a call.
While Alliant’s antivirus and firewall solutions are incredibly effective in reducing risk, you need a more robust security solution in place to defend against the increasingly dangerous landscape. This particular variant of ransomware attack calls for effective security to detect and respond to threats, and to block all unknown files from the IT infrastructure until they are verified as safe.
The only “fail-safe”
Unfortunately, no matter how strong the security solution, some attacks will continue to slip through the cracks. Full protection includes a proper, reliable backup and disaster recovery (BDR) solution, with both online and offline backups, as the ultimate fail-safe against an attack that gets past your initial line of defense.
Make sure you are prepared. Request your employees to read this informative article. Call Alliant if you have any questions or concerns regarding full protection and a robust BDR solution. We are here for you!