Locky ransomware is back as one of September's 'most wanted' malware

16 Oct 2017

The Locky ransomware has been dubbed one of ‘September’s Most Wanted’ malware after attacks surged by 11.5% across the world last month – spurred in part by the Necurs botnet.

Locky is one of the most prevalent ransomware families. It spreads through spam emails whose Word or ZIP attachments carry a macro-based downloader.

“When users activate these macros – usually via a social engineering instruction – the attachment downloads and installs the malware that encrypts the user files. A message directs the user to download the Tor browser and visit a webpage demanding a bitcoin payment,” Check Point explains.
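The delivery vector described above (a macro-bearing Word attachment, sometimes wrapped in a ZIP) is something a mail gateway can flag before a user ever sees the social-engineering prompt. The following check is an added example, not code from the article or from Check Point; the attachment names and sample documents are constructed in memory, and the helper names are hypothetical.

```python
import io
import zipfile

# Office Open XML files (.docx/.docm/.xlsm ...) are ZIP containers; VBA
# macros live in a vbaProject.bin part (e.g. word/vbaProject.bin). Legacy
# binary Office files start with the OLE compound-document magic instead.
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

def _has_vba_part(data: bytes) -> bool:
    """True if a ZIP-based Office file carries a vbaProject.bin macro part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def classify_attachment(filename: str, data: bytes, depth: int = 0) -> str:
    """Return 'macro', 'zip-with-macro', 'ole-needs-inspection' or 'clean'."""
    if data.startswith(OLE_MAGIC):
        return "ole-needs-inspection"  # legacy .doc/.xls: hand to an OLE parser
    if _has_vba_part(data):
        return "macro"
    if filename.lower().endswith(".zip") and depth < 2:  # bounded recursion
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if not info.is_dir() and classify_attachment(
                            info.filename, zf.read(info), depth + 1) != "clean":
                        return "zip-with-macro"
        except zipfile.BadZipFile:
            pass
    return "clean"

def _build_docx(with_macro: bool) -> bytes:
    """Constructed sample: a minimal Office-style ZIP, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()

def _wrap_in_zip(name: str, data: bytes) -> bytes:
    """Constructed sample: one file inside a ZIP, as the spam attachments were."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()
```

Anything not classified as `clean` is a candidate for quarantine or sandbox detonation rather than direct delivery to the mailbox.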

It is the first time Locky has made it into the top 10 since November 2016, according to Check Point’s Global Threat Impact Index; it was beaten only by RoughTed, a large-scale malvertising campaign.

RoughTed is a malvertising campaign that redirects victims to malicious websites and delivers payloads including scams, adware, exploit kits and ransomware. It is able to bypass adblockers to ensure its attacks are delivered.

Rounding out the top three ‘Most Wanted’ malware is Globeimposter, a variant of the Globe ransomware. Discovered in May 2017, it is distributed by spam campaigns, malvertising and exploit kits.

“If any organizations were still in doubt about the seriousness of the ransomware threat, these statistics should make them think twice,” comments Maya Horowitz, Threat Intelligence, Group Manager at Check Point.

“We’ve got ransomware taking up two of the top three spots – one a relatively new variant that just emerged this year, and the other an older family that has just had a massive reboot. All it takes is for a single employee to be taken in by a social engineering trick, and organizations can be placed in a hugely compromising position,” Horowitz continues.

The Index also looked at mobile malware, noting a shift in the popularity of the Triada Android backdoor.

Top 3 ‘Most Wanted’ mobile malware:

1. Triada - Modular backdoor for Android which grants superuser privileges to downloaded malware and helps it embed itself into system processes. Triada has also been seen spoofing URLs loaded in the browser.

2. Hiddad - Android malware which repackages legitimate apps and then releases them to a third-party store. Its main function is displaying ads; however, it is also able to gain access to key security details built into the OS, allowing an attacker to obtain sensitive user data.

3. Lotoor - Hack tool that exploits vulnerabilities in the Android operating system in order to gain root privileges on compromised mobile devices.
