Locky Ransomware in 2016
Ransomware has surged dramatically this year with the launch of a new variant called “Locky.” Delivered via massive malicious spam blasts (malspam), Locky represented 40% of all malware distributed worldwide during the first quarter of 2016.
And as these attacks have become more sophisticated, attackers are increasingly targeting businesses and organizations that have deeper pockets. So far, law enforcement has been helpless to stop these threats, IT teams are struggling and failing to protect their organizations, and attackers are raking in the money.
As a result, we (and everyone else in the market) expect dramatic growth in ransomware over the next year – as a matter of fact, we’re already seeing it:
- Ransomware distribution is expanding from malspam email blasts to a number of well-known exploit kits that deliver the malware via the web on compromised websites or malvertising.
- The evolution of each ransomware variant is happening quite quickly as well – the Locky virus changed its payload format from malicious macros in MS Office files, to obfuscated javascript in zipped files within 30 days of the first malspam outbreak.
- Ransomware is evolving to go after targets that are traditionally more difficult to compromise and monetize, including smartphones and Mac computers.
How to Protect your Business
These attacks can seriously impact your business, and legacy security technologies are notoriously bad at stopping these threats. In order to defend yourself, you need to take a look at advanced cloud gateway and endpoint security across both email and web channels, incorporating advanced security technologies like sandboxing, outbreak detection, IP reputation, and machine learning.
To learn what you can do to prevent your business from being victimized by ransomware, check out our recent webinar on that topic (see link below). And for deeper technical dives, see the blogs below, and sign up for our upcoming “deep dive” on Locky by our security research team on May 17:
- On Demand Webinar: Confronting the Ransomware Crisis: Best Practices for Securing Your Business
- Blog: Not an April Fool’s Day Joke: Locky Ransomware
- Blog: You’ve Got Crypto Mail!
- Live Webinar on May 17: Learn All About Locky — A Deep Dive on Ransomware from the CYREN Security Lab