
Locky ransomware is back as one of September's 'most wanted' malware

16 Oct 2017

The Locky ransomware has been dubbed one of ‘September’s Most Wanted’ malware after attacks surged by 11.5% across the world last month – spurred in part by the Necurs botnet.

The Locky malware is one of the most prevalent ransomware families, spreading through spam emails with attached downloaders in Word or ZIP attachments and macros.

“When users activate these macros – usually via a social engineering instruction – the attachment downloads and installs the malware that encrypts the user files. A message directs the user to download the Tor browser and visit a webpage demanding a bitcoin payment,” Check Point explains.
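As an added defensive illustration (not part of the original article or of Check Point's report), the following Python walks a ZIP attachment of the kind described above and flags Office Open XML documents that carry a VBA project (stored as `vbaProject.bin`), which is how a macro downloader would arrive; the sample attachment is constructed in memory, and the nesting depth limit is an assumed policy value.

```python
import io
import zipfile

# OOXML documents are ZIP containers; a macro-enabled one carries its VBA
# project under one of these part names.
OOXML_VBA_PARTS = ("word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin")


def find_macro_documents(data: bytes, name: str = "attachment",
                         depth: int = 0, max_depth: int = 3):
    """Return the paths of Office documents carrying a VBA project.

    `data` may be an OOXML document itself or a ZIP archive holding
    documents; nested archives are walked up to max_depth (assumed limit,
    so a deliberately deep archive cannot keep the scanner busy forever).
    """
    if depth > max_depth or not zipfile.is_zipfile(io.BytesIO(data)):
        return []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        members = zf.namelist()
        if any(part in members for part in OOXML_VBA_PARTS):
            return [name]  # this archive is itself a macro-enabled document
        hits = []
        for member in members:
            if member.endswith("/"):
                continue  # directory entry, nothing to read
            inner = zf.read(member)
            hits.extend(find_macro_documents(inner, f"{name}/{member}",
                                             depth + 1, max_depth))
        return hits


def _build_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML document, optionally macro-enabled."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0constructed")
    return buf.getvalue()


def _build_zip(members: dict) -> bytes:
    """Constructed ZIP attachment wrapping the given members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, content in members.items():
            zf.writestr(member_name, content)
    return buf.getvalue()


# Constructed sample: a spam-style ZIP with one macro document, one clean one.
SAMPLE_ATTACHMENT = _build_zip({
    "invoice.docm": _build_docx(True),
    "readme.docx": _build_docx(False),
    "notes.txt": b"plain text",
})

if __name__ == "__main__":
    print(find_macro_documents(SAMPLE_ATTACHMENT, "invoice.zip"))
```

Legacy binary `.doc` files are OLE containers rather than ZIPs and are not covered by this check; a gateway would inspect them with an OLE parser instead.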

It is the first time that the Locky attacks have made it inside the top 10 list of malware since November 2016, according to Check Point’s Global Threat Impact Index, beaten only by a large-scale malvertising campaign called RoughTed.

RoughTed is a malvertising campaign that redirects users to malicious websites and delivers payloads including scams, adware, exploit kits and ransomware. It is able to bypass adblockers to ensure its attacks are delivered.

Rounding out the top three ‘Most wanted’ malware is Globeimposter, a ransomware variant of the Globe ransomware. Discovered in May 2017, it is distributed by spam campaigns, malvertising and exploit kits.

“If any organizations were still in doubt about the seriousness of the ransomware threat, these statistics should make them think twice,” comments Maya Horowitz, Threat Intelligence, Group Manager at Check Point.

“We’ve got ransomware taking up two of the top three spots – one a relatively new variant that just emerged this year, and the other an older family that has just had a massive reboot. All it takes is for a single employee to be taken in by a social engineering trick, and organizations can be placed in a hugely compromising position,” Horowitz continues.

The Index also looked at mobile malware, noting a shift in the popularity of the Triada Android backdoor.

Top 3 ‘Most Wanted’ mobile malware:

1. Triada - Modular Backdoor for Android which grants superuser privileges to downloaded malware, and helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.

2. Hiddad - Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is displaying ads; however, it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.

3. Lotoor - Hack tool that exploits vulnerabilities on Android operating systems in order to gain root privileges on compromised mobile devices.
