Ransomware has become an enormous security problem in today's digital age. The damage can reach epic proportions for organizations whose assets (e.g. users' personal and financial data) depend on the web.
Earlier this month, the systems of the Hollywood Presbyterian Medical Center were infected by ransomware that demanded a ransom totaling a whopping US$3.6 million (9,000 in bitcoin).
What is ransomware?
It is the kidnapping of data: an attacker locks a user out of his own files by encrypting them, then demands a payment in bitcoin before handing over the decryption key needed to recover them.
Joining the club is Locky, another flavor introduced by attackers who are allegedly associated with some of the people behind Dridex, a notorious piece of banking malware. The link is drawn because both share the same modus operandi.
Locky's operators send an email carrying a Microsoft Word attachment disguised as an invoice, which asks the recipient to enable macros in order to view it.
[Microsoft disables macros by default for security reasons, which is why you will normally see a warning bar when an attachment contains macros.]
If you enable them, the macro runs and downloads Locky via Bartallex, the same downloader Dridex uses in its operations.
So if your system becomes infected, you will not be able to recover your files unless you have a regular backup, and even that will not help if the backup data has also been hit by the malware.
According to Palo Alto Networks, it has detected 400,000 sessions, in which half of the targets were in the US, while the rest were in Canada and Australia.
Locky uses its command-and-control infrastructure to perform a key exchange in memory before encrypting files. All encrypted files are given the ".locky" extension.
Kevin Beaumont, writing on Medium, has published guidance on how to find out which member of staff in your organization has been infected. He also suggests locking the infected user's account and cutting off the machine's network access. Most importantly, that computer should be rebuilt from scratch.
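The triage step above, working out whose account encrypted the files on a share, as an added example that is not from the original post or from Beaumont's guidance. It assumes a POSIX host with the share mounted, where the owning uid of a renamed ".locky" file identifies the user whose workstation ran the macro; the sample tree it builds is constructed, with hypothetical file names.

```python
import os
import pwd
import tempfile
from collections import Counter

LOCKY_EXT = ".locky"  # extension the post says Locky appends to encrypted files

def owner_name(path: str) -> str:
    """Resolve the file's owning uid to a user name (raw uid if unknown)."""
    uid = os.stat(path, follow_symlinks=False).st_uid
    try:
        return pwd.getpwuid(uid).pw_name
    except KeyError:
        return str(uid)

def find_locky_files(root: str) -> list:
    """Walk a mounted share and return (path, owner, mtime) for every *.locky file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(LOCKY_EXT):
                path = os.path.join(dirpath, name)
                st = os.stat(path, follow_symlinks=False)
                hits.append((path, owner_name(path), st.st_mtime))
    return hits

def rank_suspects(hits) -> list:
    """Count encrypted files per owner, most first. On a share, the account
    that owns the renamed files is the one whose workstation ran the macro."""
    return Counter(owner for _path, owner, _mtime in hits).most_common()

def earliest_hit(hits):
    """Oldest encrypted file: its owner and mtime bound when the infection began."""
    return min(hits, key=lambda h: h[2]) if hits else None

def build_sample_share(root: str) -> None:
    """Constructed sample tree (hypothetical file names, not real data)."""
    os.makedirs(os.path.join(root, "finance"), exist_ok=True)
    for rel in ("finance/q1-report.xlsx.locky", "finance/budget.LOCKY",
                "finance/readme.txt", "notes.locky"):
        with open(os.path.join(root, rel), "w") as fh:
            fh.write("sample")

def demo() -> list:
    """Build the sample share in a temp dir and return the suspect ranking."""
    with tempfile.TemporaryDirectory() as share:
        build_sample_share(share)
        return rank_suspects(find_locky_files(share))
```

Pointed at a real share, `rank_suspects` names the account to lock and `earliest_hit` gives the time window to search in mail and proxy logs for the invoice attachment.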
Source: PC World