Earlier last month, researchers identified a new ransomware attack that has already targeted and infected tens of thousands of businesses.
The new attack is a modification of the Locky malware that had infected businesses worldwide earlier this summer.
Massive New ‘Locky’-Variant Ransomware Is Attacking Businesses Across The US
IT Security experts are saying that the files containing the new “IKARUSdilapidated” strain of the Locky virus are able to move through endpoint defenses undetected.
The attack begins with an email attachment.
With more sophisticated social engineering strategies, hackers are getting users to open files attached to their emails. The email arrives as a single attachment with no text. The IKARUSdilapidated attack is initiated with a zipped email attachment.
If the user follows the instructions in the email, clicking on the zipped file, the rest of the infection process automatically installs the virus on their machine. Macros save and run binary files that will encrypt files on the infected computer, specifically scouting out and encrypting common file extensions.
If your computer gets infected with IKARUSdilapidated or any variant of the Locky virus, you likely won’t be able to make heads or tails of the files on your computer—their names will be replaced and converted to unique 16-character letter-and-number combinations with a .locky file extension.
How does this ransomware skirt your business’ IT Security measures?
No network patching—One of the most common ways businesses let ransomware onto their networks is by failing to perform regular maintenance on the network. And one of the biggest reasons this current strain of the Locky virus is going undetected is that many IT Support teams have failed to properly patch networks with updates that are able to detect and prevent this particular virus from entering. NOTE: Dynamic Edge does not just regularly patch client networks, but also tests those patches to make sure they are working (it is far too common for IT Support teams to apply patches without testing first, leading to outages and major computer headaches!).
Imprecise spam filtering—Because the file extension on the phishing attack is not easily discernible, many filters that haven’t been properly updated may overlook the IKARUS attack and consider it legitimate mail. Dynamic Edge has dedicated technicians that regularly test and update spam filters, especially as they evolve to be more specific to the latest phishing attacks, like IKARUS.
Lack of consistent activity monitoring on your network—When an attack does hit your network, more often than not, no one will notice until multiple users are complaining that their entire file system is inaccessible (see a common story of how one business was crippled by ransomware). IT Support needs to monitor activity on your network 24/7 and be able to identify when suspicious activity (non-normal activity) is occurring so that they can take next steps to resolve any potential problems (infections). The problem is: most IT Support teams say they’re monitoring your network 24/7, but either (1) have no clue how to adequately monitor a network or (2) have insufficient resources to devote to prevention measures.
No smart firewall to identify “bad traffic”—most IT Support teams are too complacent when it comes to firewalls. They assume that a conventional static firewall is sufficient to protect your business. But what they fail to recognize is that criminals are getting through static firewalls now more than ever. What your business needs is a smart firewall that learns what new attacks look like and prevents your users from being exposed to such attacks. Why put your business in jeopardy if there are ways to kill an attack before it starts?
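The renaming behavior described earlier (16-character names ending in .locky) gives the activity monitoring discussed above something concrete to look for. The following is an added example, not part of the original article or any Dynamic Edge tooling: it flags hosts where several files are renamed to that pattern within a short window. The log format, host names, threshold, and window are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Built from the article's description: 16 letters/digits plus ".locky".
LOCKY_NAME = re.compile(r"^[A-Za-z0-9]{16}\.locky$", re.IGNORECASE)

# Constructed sample events in a hypothetical "time|host|user|old|new" format.
SAMPLE_EVENTS = r"""
2017-09-01T09:14:02|WS-014|jsmith|C:\Users\jsmith\Documents\budget.xlsx|C:\Users\jsmith\Documents\A1B2C3D4E5F60718.locky
2017-09-01T09:14:03|WS-014|jsmith|C:\Users\jsmith\Documents\plan.docx|C:\Users\jsmith\Documents\9F8E7D6C5B4A3210.locky
2017-09-01T09:14:05|WS-014|jsmith|C:\Users\jsmith\Pictures\logo.png|C:\Users\jsmith\Pictures\0123456789ABCDEF.locky
2017-09-01T09:20:00|WS-022|mlee|C:\Users\mlee\Desktop\notes.txt|C:\Users\mlee\Desktop\notes-old.txt
2017-09-01T10:02:11|WS-031|akhan|C:\Users\akhan\Desktop\a.pdf|C:\Users\akhan\Desktop\AAAABBBBCCCCDDDD.locky
"""

def is_locky_name(path):
    """True if the file name (Windows or POSIX path) matches the pattern."""
    name = re.split(r"[\\/]", path)[-1]
    return bool(LOCKY_NAME.match(name))

def parse_events(text):
    """Yield (timestamp, host, user, old_path, new_path); skip malformed lines."""
    for line in text.strip().splitlines():
        parts = line.split("|")
        if len(parts) == 5:
            ts, host, user, old, new = parts
            yield datetime.fromisoformat(ts), host, user, old, new

def find_bursts(text, threshold=3, window=timedelta(seconds=60)):
    """Return {host: peak count} where >= threshold matching renames fall in one window."""
    hits = defaultdict(list)
    for ts, host, _user, _old, new in parse_events(text):
        if is_locky_name(new):
            hits[host].append(ts)
    alerts = {}
    for host, stamps in hits.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # slide the window forward
            peak = end - start + 1
            if peak >= threshold:
                alerts[host] = max(alerts.get(host, 0), peak)
    return alerts

if __name__ == "__main__":
    for host, count in find_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT {host}: {count} .locky renames within 60s")
```

A single matching rename, as on WS-031 in the sample, stays below the threshold; lower it if one such file should already trigger isolation of the host.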
Remember—Locky viruses are notoriously effective at breaking into business networks and extorting businesses. In the past two years, these attacks have seen payments adding up to millions of dollars. With increased effectiveness and success at attacking businesses like yours—your clients, your staff—do you think criminals are going to stop their attacks?
With IKARUS, cybercriminals are circumventing conventional IT Security protocols, infrastructure and measures. Cybercrime’s sophisticated social engineering can mean trouble for your network and your data.
Is your business ready to get its data ransomed? Could you survive a ransom attack? Contact Us TODAY for a free network security assessment.