eScan observes new variants of Locky Ransomware
To proliferate ransomware, cyber criminals often employ spam emails (infectious attachments), unofficial software download sources, trojans, and fake software updates.
By: Microworld Technologies Inc
Once a system is infected, Locky contacts its Command and Control (CnC) server and sends it the encryption keys, which are needed to decrypt the files once the ransom has been paid. Unlike WannaCry, Locky has no kill-switch domain. WannaCry used the EternalBlue exploit to propagate and called back to a non-existent domain; researchers exploited this flaw to stop WannaCry dead in its tracks. With Locky this cannot be done.
Law enforcement agencies and security researchers may try to gain access to the CnC and provide the decryption keys, as they have done in the past. eScan PBAE detects and blocks these attempts by Locky Ransomware. (https://www.escanav.com/
Locky File Extensions
After encrypting the files, Locky changes their extension to one of the following:
• Administrators should block all executable files from being transmitted via emails.
• Administrators should isolate the affected system in the Network.
• Administrators can restore the encrypted files on affected systems from backup or from a system restore point (if enabled).
• Install and configure eScan with all security modules active:
  • eScan Real Time Monitoring
  • eScan Proactive protection
  • eScan Firewall IDS/IPS Intrusion prevention
• Users shouldn't enable macros in documents.
• Organizations should deploy and maintain a backup solution.
• Most importantly, organizations should implement MailScan at the gateway level for mail servers, to contain the spread of suspicious attachments.
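
The attachment-blocking and macro advice above can be sketched as a gateway-side check. This is an added example, not eScan or MailScan code; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed blocklists for this example; tune them to local policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".jse",
                   ".vbs", ".wsf", ".hta", ".ps1", ".lnk"}
MACRO_EXTS = {".docm", ".dotm", ".xlsm", ".pptm"}

def inspect_message(raw: bytes) -> list:
    """Return (filename, reason) for every attachment the gateway should hold."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        name = part.get_filename()
        if part.is_multipart() or not name:
            continue
        # Windows ignores trailing dots/spaces, so "a.exe." still runs as .exe
        ext = os.path.splitext(name.lower().rstrip(". "))[1]
        data = part.get_payload(decode=True) or b""
        if ext in EXECUTABLE_EXTS:
            findings.append((name, "executable extension"))
        elif ext in MACRO_EXTS:
            findings.append((name, "macro-enabled document"))
        elif data[:2] == b"MZ":  # DOS/PE header: content is a Windows binary
            findings.append((name, "PE header under benign name"))
    return findings

def build_sample() -> bytes:
    """Constructed test message; attachment bodies are harmless placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", "Invoice"
    m.set_content("Please see the attached invoice.")
    for body, fname in [(b"MZ" + b"\x00" * 16, "invoice.pdf"),
                        (b"PK placeholder", "Report.DOCM"),
                        (b"// placeholder", "scan.pdf.js"),
                        (b"%PDF-1.4 placeholder", "notes.pdf")]:
        m.add_attachment(body, maintype="application",
                         subtype="octet-stream", filename=fname)
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in inspect_message(build_sample()):
        print(f"HOLD {name}: {reason}")
```

The check looks only at top-level attachment names and leading bytes; it does not unpack archives, so a gateway policy still needs a separate rule for compressed attachments.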
eScan is an ISO (27001) certified pure play enterprise security solution company with over 2 decades of expertise in developing IT security solutions. eScan today has a presence in 12 countries through its offices and subsidiaries. It also has a channel partner network of more than 50,000 partners spread across 190 countries worldwide. It is trusted by more than 6,500 enterprise and corporate users spread across various industry segments such as Government, BFSI, Education, Defense, Telecom, IT & ITeS, Infrastructure, Hospitality, and Healthcare worldwide.
It is powered by technologies such as Proactive Behavioral Analysis Engine (PBAE) Technology, MicroWorld Winsock Layer (MWL) Technology, Domain & IP Reputation Check (DIRC) Technology, Non-Intrusive Learning Pattern (NILP) Technology, and Anti-Virus Heuristic Algorithms that not only provide protection from current threats but also provide proactive protection against ever-evolving cyber threats. eScan provides a 24x7 free remote support facility that gives its users real-time solutions for security-related issues.
For more information, visit - https://www.escanav.com/
39555 Orchard Hill Place, Suite 600
Novi, MI 48375