Check Point® Software Technologies Ltd., a leading provider of cyber-security solutions globally, has revealed a massive increase in worldwide Locky attacks during September, with the ransomware impacting 11.5% of organizations globally, according to the company’s latest Global Threat Impact Index.
Locky has not appeared in the company’s top ten ‘most wanted’ malware ranking since November 2016, but the ransomware rose sharply to second place in September, powered by the Necurs botnet, which in itself was ranked at number ten in the table. These attacks propelled Locky up 25 places in the index, to sit just behind the RoughTed malvertising campaign.
Locky’s distribution began in February 2016, and it rapidly became one of the world’s most prominent malware families. It spreads primarily via spam emails containing a downloader disguised as a Word or Zip attachment which contains malicious macros. When users activate these macros – usually via a social engineering instruction – the attachment downloads and installs the malware that encrypts the user files. A message directs the user to download the Tor browser and visit a webpage demanding a bitcoin payment. In June 2016, the Necurs botnet released an updated version of Locky containing new detection avoidance techniques.
The resurgence of Locky shows that businesses can never rest on their laurels as far as malware is concerned. Sophisticated cybercriminals will continually seek ways of tweaking existing tools to make them potent again, while powerful botnets can give old variants a new lease of life, enabling them to rapidly target users around the globe. That more than one in ten organizations around the world seemed to be affected by a single ransomware family in September, underlines how existing malware can be just as dangerous as brand-new variants.
“If any organizations were still in doubt about the seriousness of the ransomware threat, these statistics should make them think twice,” added Maya Horowitz, Threat Intelligence, Group Manager at Check Point. “We’ve got ransomware taking up two of the top three spots – one a relatively new variant that just emerged this year, and the other an older family that has just had a massive reboot. All it takes is for a single employee to be taken in by a social engineering trick, and organizations can be placed in a hugely compromising position”.
At Check Point, we believe it is important to deploy a multi-layered cybersecurity strategy that protects against both established malware families as well as brand new, zero-day threats. Effective cyber security tools look for suspicious behaviors or general characteristics, like embedded macros in documents, not just familiar malware signatures – This is the approach taken by SandBlast™ Zero-Day Protection and Mobile Threat Prevention.