
Locky ransomware is back as one of September's 'most wanted' malware

16 Oct 2017

The Locky ransomware has been dubbed one of ‘September’s Most Wanted’ malware after attacks surged by 11.5% across the world last month – spurred in part by the Necurs botnet.

Locky is one of the most prevalent ransomware families. It spreads through spam emails whose Word or ZIP attachments contain macro-based downloaders.

“When users activate these macros – usually via a social engineering instruction – the attachment downloads and installs the malware that encrypts the user files. A message directs the user to download the Tor browser and visit a webpage demanding a bitcoin payment,” the company explains.

It is the first time that the Locky attacks have made it inside the top 10 list of malware since November 2016, according to Check Point’s Global Threat Impact Index, beaten only by a large-scale malvertising campaign called RoughTed.

RoughTed is malvertising that delivers malicious websites and payloads including scams, adware, exploit kits and ransomware. It is able to bypass adblockers to ensure its attacks are delivered.

Rounding out the top three ‘Most Wanted’ malware is Globeimposter, a variant of the Globe ransomware. Discovered in May 2017, it is distributed by spam campaigns, malvertising and exploit kits.

“If any organizations were still in doubt about the seriousness of the ransomware threat, these statistics should make them think twice,” comments Maya Horowitz, Threat Intelligence Group Manager at Check Point.

“We’ve got ransomware taking up two of the top three spots – one a relatively new variant that just emerged this year, and the other an older family that has just had a massive reboot. All it takes is for a single employee to be taken in by a social engineering trick, and organizations can be placed in a hugely compromising position,” Horowitz continues.

The Index also looked at mobile malware, noting a shift in the popularity of the Triada Android backdoor.

Top 3 ‘Most Wanted’ mobile malware:

1. Triada - Modular Backdoor for Android which grants superuser privileges to downloaded malware, and helps it to get embedded into system processes. Triada has also been seen spoofing URLs loaded in the browser.

2. Hiddad - Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is displaying ads; however, it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.

3. Lotoor - Hack tool that exploits vulnerabilities on Android operating systems in order to gain root privileges on compromised mobile devices.
