The Original IT Company

[ALERT] Deadly Dridex Cybercrime Gang Has Just Moved Into Ransomware

March 15, 2016 Security

Ransomware Has Evolved Into One of the Biggest Threats...

According to the WSJ, Americans are being victimized by hackers extorting money through ransomware, and the problem is expected to get worse this year. Ransomware is malware that holds the victim's computer to ransom, either by restricting access to the computer by locking the desktop or by encrypting the user's files. The malware then displays a ransom note, often claiming to be from the police, the FBI, or some other type of law enforcement agency. KnowBe4 reports that the one thing driving mainstream recognition of ransomware is the move by the Dridex banking Trojan gang into ransomware with their Locky strain. They have taken over from CryptoWall, which from their perspective is just an upstart.

Locky was linked to the notorious Dridex gang by both Palo Alto Networks and Proofpoint. The Russian Dridex criminal group is the most prominent operating banking malware.

The Dridex Locky ransomware strain isn't more sophisticated than other latest-generation crypto-ransom malware, but it is spreading rapidly to victim systems. Forbes claims that Locky is infecting approximately 90,000 systems per day and that it typically asks users for 0.5-1 Bitcoin (~420 dollars) to unlock their systems. Locky is disseminated through phishing emails containing Microsoft Word attachments. Each Locky binary is reportedly uniquely hashed; consequently, signature-based detection is basically impossible.

The Dridex gang is the 800-pound gorilla in banking Trojans. Apparently they have seen the profit potential of ransomware and leveraged their extensive criminal infrastructure to get their Locky strain infecting as many machines as possible. Consequently, financial institutions are likely the next major sector to be actively targeted. The FBI just stated that the threat from ransomware is expected to grow, as per an article in the WSJ.

Over the last few days, the Dridex botnet has sent at least 4 million phishing emails with a zip file as the attachment. The zip file contains a JavaScript file which downloads and installs Locky.

Here are 5 Things To Do About It

  1. Block any and all emails with .zip extensions and/or macros at your email gateway level.
  2. Disable Adobe Flash Player, Java and Silverlight if possible. These are used as attack vectors.
  3. Step all employees through effective security awareness training, so they can recognize the red flags related to ransomware attacks.
  4. Print out this free job aid, laminate it, and hand it out to employees so they can pin it on their wall.
  5. Do a Phishing Security Test on your users and find out if they are going to click on something they shouldn't.
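The delivery chain described above (a zip attachment that carries a JavaScript downloader) and item 1 of the list (block zip attachments and macros at the gateway) can be turned into a concrete attachment policy. The following is an added example written for this post, not code from the original article or from any of the vendors it cites. It parses a raw mail message with Python's standard library, flags .zip attachments and any script file inside them, and flags Office documents that contain a VBA project. The extension lists, the sample message and the minimal Office-style zip are assumptions constructed for the demo.

```python
"""Gateway-style attachment policy check for an inbound mail message.

Added example (not from the original post): flags the attachment types the post
says to block, namely zip archives (and script files inside them, like the
JavaScript downloader described above) and Office documents carrying VBA macros.
All extension lists and sample data below are assumptions built for the demo.
"""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Extensions that Windows runs directly when a user double-clicks them (assumed list).
DANGEROUS_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".exe", ".scr"}
# Office formats whose OOXML container may carry a VBA project (assumed list).
OFFICE_EXTENSIONS = {".doc", ".docm", ".docx", ".xls", ".xlsm", ".xlsx"}


def _ext(name):
    """Lower-cased extension including the dot, or '' if there is none."""
    name = name.lower()
    return name[name.rfind("."):] if "." in name else ""


def _zip_members(data):
    """Return member names of a zip payload, or None if it is not a valid zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return None


def classify_attachment(filename, data):
    """Return a list of policy findings for one attachment (empty list = allowed)."""
    findings = []
    ext = _ext(filename)
    members = _zip_members(data)
    if ext == ".zip":
        findings.append("zip attachment")
        for member in members or []:
            if _ext(member) in DANGEROUS_EXTENSIONS:
                findings.append(f"script inside zip: {member}")
    elif ext in OFFICE_EXTENSIONS:
        # OOXML documents are zip containers; a VBA project is stored as
        # word/vbaProject.bin (or xl/vbaProject.bin for workbooks).
        if members is not None and any(m.lower().endswith("vbaproject.bin") for m in members):
            findings.append(f"office macro: {filename}")
        elif ext in {".docm", ".xlsm"}:
            findings.append(f"macro-enabled office type: {filename}")
    elif ext in DANGEROUS_EXTENSIONS:
        findings.append(f"script attachment: {filename}")
    return findings


def check_message(raw_bytes):
    """Parse a raw RFC 5322 message and collect findings across all attachments."""
    msg = BytesParser(policy=policy.default).parsebytes(raw_bytes)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        findings.extend(classify_attachment(name, part.get_payload(decode=True) or b""))
    return findings


def build_sample_message():
    """Constructed phishing-style message: a zip attachment containing a .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.js", "// placeholder text, not a real downloader\n")
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


def build_office_sample(with_macro):
    """Constructed minimal OOXML-style zip; a real .docx has many more parts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in check_message(build_sample_message()):
        print("BLOCK:", finding)
```

The check deliberately looks inside the container rather than trusting the file name: a `.docx` that carries `vbaProject.bin` is flagged even though its extension suggests a macro-free document, and a zip is flagged for what it contains, not only because it is a zip. At a real gateway the same logic would run on every MIME part before delivery, with the findings feeding a quarantine decision.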

If you are concerned about protecting yourself from cyber security thieves, give us a call at 954.920.9604 or contact us and we'll be happy to help you set up a cost-effective program to bring awareness to your employees, and run random phishing security tests so you can spot the weak links in your office.
