A Trojan named “Locky” is currently paralysing the computers of enterprises and private individuals with the aim of extorting ransom money. RadarServices, a leading managed security service provider, warns that the new malware is currently affecting Europe and the USA, and that the Middle East enterprise sector may be a susceptible target.
This Windows Trojan is mainly distributed via email attachments and web downloads. The emails are disguised as invoices or messages and contain infected Office documents. When opened, the malware not only encrypts the computer but also infects networks and cloud storage such as Dropbox. In many cases, the Trojan integrates the infected computer into a botnet, thereby gaining remote control and the ability to spread further in the network. As a result, companies are suffering failures and enormous damage. As soon as the files are encrypted, a blackmail message with a ransom demand appears on the screen.
Aji Joseph, General Manager of RadarServices Middle East, explains, “Threats, especially on businesses, are forever evolving and becoming more and more sophisticated. This current malware cannot be detected by antivirus programs, as the infected email attachment is very professionally designed with an aim to extort money. Companies here should adopt a more proactive approach towards security than just implementing antivirus and firewalls to protect their infrastructure.”
According to RadarServices labs, in the case of such attacks the corporate IT infrastructure is only secure if two IT risk management modules are applied. The first is “Advanced Email & Web Threat Detection”, the automated analysis of the attachments of all incoming emails in “isolated” environments (so-called “sandboxes”). The second is “Network-Based Intrusion Detection” (NIDS), the detection of suspicious network activity in case Locky is already active in the company but not yet noticed by the user. In the latter case, NIDS detects the network traffic between the infected computer and the Trojan's Command & Control server on the Internet and reports it to the IT security team so that it can initiate immediate measures.