Comments
New Locky Ransomware Takes Another Turn
Newest First  |  Oldest First  |  Threaded View
kenomouth64
100%
0%
kenomouth64,
User Rank: Apprentice
11/13/2017 | 8:52:08 AM
Possible Improvised Solution
  • At my company we supported 200 client's IT Infrastructure. Well, at least 1 client a week was getting infected with locky, luckily we had backups in each case. However it was still concerning that locky was slipping past the security controls in place. So we developed a "programmitic Block" which prevents any files from writing to the appdata folder. 
  • So, we figured out that for most strains of locky they will right to the appdata folder for install by default. So we just prevent anything from writing to this folder. It has created a few issues but we irnoed those out. It has been working for the clients for  year now. No New infections since it was implemented.
DaraSingh
33%
67%
DaraSingh,
User Rank: Apprentice
11/11/2017 | 9:28:51 AM
Locky Ransomware attacks
This attack is of very dengerous kind. If your file is locked with locky then your had lost your data and no ways to recover, only the way is if you have the backup of your data then ok.

I faced this situation three times and found that if it enters into your network then only the option is to identify the sytem and remove it immediately form the network else your Network PCs data are going into the dustbin.Sometimes it also encrypt the video and audio files but depending on the programs files formats going to be affecting.

The best way is to use your network safely with proper antivirus and don't install the unnecessary programs and adwares which have the loopholes into its design architecture. If your are a tech giant and want to face the such an problem then you can try locky..... GOOD luck and happy readings.

 

 


12 Free, Ready-to-Use Security Tools
Steve Zurier, Freelance Writer,  10/12/2018
Pair of Reports Paint Picture of Enterprise Security Struggling to Keep Up
Curtis Franklin Jr., Senior Editor at Dark Reading,  10/11/2018
New Domains: A Wide-Open Playing Field for Cybercrime
Ben April, CTO, Farsight Security,  10/9/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-18315
PUBLISHED: 2018-10-15
com/mossle/cdn/CdnController.java in lemon 1.9.0 allows attackers to upload arbitrary files because the copyMultipartFileToFile method in CdnUtils only checks for a ../ substring, and does not validate the file type and spaceName parameter.
CVE-2018-18316
PUBLISHED: 2018-10-15
emlog v6.0.0 has CSRF via the admin/user.php?action=new URI.
CVE-2018-18317
PUBLISHED: 2018-10-15
DESHANG DSCMS 1.1 has CSRF via the public/index.php/admin/admin/add.html URI.
CVE-2018-18296
PUBLISHED: 2018-10-15
MetInfo 6.1.2 has XSS via the /admin/index.php bigclass parameter in an n=column&a=doadd action.
CVE-2018-18309
PUBLISHED: 2018-10-15
An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.31. An invalid memory address dereference was discovered in read_reloc in reloc.c. The vulnerability causes a segmentation fault and application crash, which leads to denial of service,...