KnowBe4 Warns Companies: Deadly Dridex Gang Muscles into Ransomware Racket

March 2016 by KnowBe4

Ransomware is moving rapidly into the malware mainstream. One of the driving factors is the high dollar figures racked up by the notorious Dridex banking Trojan gang, which has muscled into ransomware with its new Locky strain. Locky was linked to the Dridex gang by the IT security companies Palo Alto Networks and Proofpoint. The Russian Dridex group is the most prominent banking-malware operation, and with Locky it is taking over the ransomware lead from CryptoWall.

According to KnowBe4 CEO, Stu Sjouwerman, “Ransomware is seeing unprecedented growth with cyber-gangs competing for criminal market share. This competition spurred furious innovation in strategy and tactics, and we see ransomware taking the lead in criminal business models. It isn’t going to get easier. The only way around these tactics is to recognize the red flags and inoculate employees with effective security awareness training and simulated phishing tests.”

The Dridex Locky ransomware strain is not more sophisticated than other latest-generation crypto-ransom malware, but it is spreading to victims' systems very rapidly. Forbes reports that Locky is infecting approximately 90,000 systems per day (more than one per second) and that it typically demands 0.5 to 1 Bitcoin (roughly $420 USD at the time) to unlock a system. Locky is disseminated through phishing emails carrying Microsoft Word attachments. Each Locky binary reportedly has a unique hash, so hash- and signature-based detection by a traditional antivirus product is nearly useless against it; the delivery chain (an archived script that downloads the payload, followed by mass file renaming) is what remains detectable.

The Dridex gang is the 800-pound gorilla of banking Trojans. It has evidently seen the profit potential of ransomware and is leveraging its extensive criminal infrastructure to infect as many machines as possible with its Locky strain. Consequently, financial institutions are likely the next major sector to be actively targeted. In a recent Wall Street Journal interview, the FBI said it expects the ransomware threat to grow.

In the past few days, the Dridex botnet has sent at least 4 million phishing emails with a .zip file attached; the archive contains a JavaScript file that downloads and installs Locky.

What to Do About It
1. Block all emails carrying .zip attachments and/or macro-enabled Office attachments at your email gateway.
2. Disable Adobe Flash Player, Java, and Silverlight where possible; all three are used as attack vectors.
3. Step all employees through effective security awareness training so they can recognize the red flags related to ransomware attacks.
4. Print out this (https://cdn2.hubspot.net/hubfs/241394/Knowbe4-May2015-PDF/SocialEngineeringRedFlags.pdf) free job aid, laminate it, and hand it out to employees so they can pin it on their wall.
5. Do a Phishing Security Test on your users to find out if they will click on something they shouldn’t.
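The delivery chain described above (a .zip attachment hiding a JavaScript downloader, or a Word document carrying a macro) is what step 1 has the gateway block. The filter below shows one way to implement that policy; it is an added example, not KnowBe4's code or any product's, and it runs offline on messages it constructs itself. The script extension list, the "block every .zip" rule, the sample message contents and the example.invalid addresses are assumptions made for illustration.

```python
"""Gateway attachment filter for the Locky delivery chain (added example).

Policy implemented: reject any message with a ZIP attachment (by name or by
magic bytes) and any OOXML Office document that contains a VBA project.
The extension lists and sample messages are assumptions, not captured lures.
"""
from __future__ import annotations

import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Script/executable types commonly dropped inside lure archives (assumption).
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".exe", ".scr")
# OOXML documents are ZIP containers themselves; macros live in vbaProject.bin.
OFFICE_EXTS = (".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm")


def inspect_archive(data: bytes) -> list[str]:
    """Return member names that look like droppers; [] if the ZIP is unreadable."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTS)]
    except zipfile.BadZipFile:
        return []


def has_vba_project(data: bytes) -> bool:
    """True if an OOXML container carries a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def scan_message(raw: bytes) -> list[str]:
    """Return block reasons for one RFC 5322 message; an empty list means deliver."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    reasons: list[str] = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        is_zip = data.startswith(b"PK\x03\x04")  # check magic, not only the name
        if name.endswith(".zip") or (is_zip and not name.endswith(OFFICE_EXTS)):
            droppers = inspect_archive(data)
            reasons.append(f"zip attachment {name!r}"
                           + (f" containing {droppers}" if droppers else ""))
        elif name.endswith(OFFICE_EXTS) and has_vba_project(data):
            reasons.append(f"macro-enabled Office document {name!r}")
    return reasons


def make_zip(members: dict[str, bytes]) -> bytes:
    """Build a small ZIP in memory from {member name: content}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message with one attachment (not a captured lure)."""
    msg = EmailMessage()
    msg["From"] = "accounts@example.invalid"
    msg["To"] = "victim@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(payload, maintype="application", subtype="octet-stream",
                       filename=filename)
    return msg.as_bytes()


# Constructed samples: a JS downloader inside a ZIP, a macro-bearing .docm, a clean PDF.
LURE_ZIP = build_sample("invoice_2016.zip",
                        make_zip({"invoice_2016.js": b"// downloader stub"}))
LURE_DOCM = build_sample("invoice.docm",
                         make_zip({"[Content_Types].xml": b"<Types/>",
                                   "word/vbaProject.bin": b"\xd0\xcf\x11\xe0"}))
CLEAN_PDF = build_sample("invoice.pdf", b"%PDF-1.4\n%%EOF\n")

if __name__ == "__main__":
    for label, raw in (("zip lure", LURE_ZIP), ("docm lure", LURE_DOCM), ("clean pdf", CLEAN_PDF)):
        reasons = scan_message(raw)
        print(label, "->", ("BLOCK: " + "; ".join(reasons)) if reasons else "deliver")
```

Two design points worth noting: the ZIP check is on the magic bytes as well as the filename, so a renamed archive is still caught, and Office files are excluded from that first rule only so that they can be judged on whether they actually carry a `vbaProject.bin` rather than on extension alone. Legacy binary `.doc`/`.xls` files are OLE2 containers, not ZIPs, and need a separate parser (for example oletools' olevba) that this example does not include.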

KnowBe4 also offers a crypto-ransom guarantee and will pay a customer's ransom if the company is hit with ransomware because of an employee's human error.
