Locky: The New Ransomware – and the Three Principles of Fighting Ransomware

Author:Sharon D. Nelson and John W. Simek
Date:April 01, 2016
 
FREE EXCERPT

According to Security Magazine, the number of ransomware attacks is predicted to increase in 2016. For the second quarter of 2015, more than 4 million samples of ransomware infections were identified as compared to 1.5 million in the third quarter of 2013. That’s a pretty big increase.

Ransomware

So what is ransomware? Ransomware is a piece of malware that encrypts your data and holds it hostage until you pay a ransom. The idea is that after you pay the ransom, you receive the decryption key in order to decrypt your data and make it accessible again. The payment is made in bitcoins since the bad guys don’t accept VISA or MasterCard. Previous versions of ransomware infect your local drive and any other data that appears as a drive letter to your computer. That could be the external USB drive that shows up as L: or the flash drive that identifies itself as the E: drive to your computer.

One of the latest versions of ransomware is called Locky and has brought the infection risk to a new level. Locky is delivered as an evil Word macro. The good news is that execution of macros is disabled by default. So the first lesson is: Don’t run the macro when you see the warning box. The really scary part about Locky is that it will encrypt network shares that use a UNC (Universal Naming Convention) path. You will recognize a UNC path as being defined as \\<server name>\<share name>. You can recognize a Locky infection as it changes all the file extensions to .locky after it encrypts the contents. Many system administrators were using UNC as a way to get to network resources instead of drive letters to minimize the impact of ransomware infections. With the release of Locky, even UNC paths won’t help you. As the bad guys evolve, so must we.

Training

So what can you do to minimize the potential of ransomware infection? Probably the most effective method is training employees to recognize the delivery...

To continue reading

FREE SIGN UP