Endpoint

11/10/2017
03:10 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail

New Locky Ransomware Takes Another Turn

A newly discovered strain of Locky ransomware has been discovered masquerading as legitimate Microsoft Word documents.

(Image: Avira)

(Image: Avira)

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
kenomouth64
100%
0%
kenomouth64,
User Rank: Apprentice
11/13/2017 | 8:52:08 AM
Possible Improvised Solution
  • At my company we supported 200 client's IT Infrastructure. Well, at least 1 client a week was getting infected with locky, luckily we had backups in each case. However it was still concerning that locky was slipping past the security controls in place. So we developed a "programmitic Block" which prevents any files from writing to the appdata folder. 
  • So, we figured out that for most strains of locky they will right to the appdata folder for install by default. So we just prevent anything from writing to this folder. It has created a few issues but we irnoed those out. It has been working for the clients for  year now. No New infections since it was implemented.
DaraSingh
33%
67%
DaraSingh,
User Rank: Apprentice
11/11/2017 | 9:28:51 AM
Locky Ransomware attacks
This attack is of very dengerous kind. If your file is locked with locky then your had lost your data and no ways to recover, only the way is if you have the backup of your data then ok.

I faced this situation three times and found that if it enters into your network then only the option is to identify the sytem and remove it immediately form the network else your Network PCs data are going into the dustbin.Sometimes it also encrypt the video and audio files but depending on the programs files formats going to be affecting.

The best way is to use your network safely with proper antivirus and don't install the unnecessary programs and adwares which have the loopholes into its design architecture. If your are a tech giant and want to face the such an problem then you can try locky..... GOOD luck and happy readings.

 

 
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Worst Password Blunders of 2018 Hit Organizations East and West
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-20168
PUBLISHED: 2018-12-17
Google gVisor before 2018-08-22 reuses a pagetable in a different level with the paging-structure cache intact, which allows attackers to cause a denial of service ("physical address not valid" panic) via a crafted application.
CVE-2018-20167
PUBLISHED: 2018-12-17
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME typ...
CVE-2018-20161
PUBLISHED: 2018-12-15
A design flaw in the BlinkForHome (aka Blink For Home) Sync Module 2.10.4 and earlier allows attackers to disable cameras via Wi-Fi, because incident clips (triggered by the motion sensor) are not saved if the attacker's traffic (such as Dot11Deauth) successfully disconnects the Sync Module from the...
CVE-2018-20159
PUBLISHED: 2018-12-15
i-doit open 1.11.2 allows Remote Code Execution because ZIP archives are mishandled. It has an upload feature that allows an authenticated user with the administrator role to upload arbitrary files to the main website directory. Exploitation involves uploading a ".php" file within a "...
CVE-2018-20157
PUBLISHED: 2018-12-15
The data import functionality in OpenRefine through 3.1 allows an XML External Entity (XXE) attack through a crafted (zip) file, allowing attackers to read arbitrary files.