
Locky Ransomware – expert source

February 2016 by Dodi Glenn, VP of Cyber Security at PC Pitstop

Recent reports indicate that the actors behind Dridex, originally a banking Trojan distributor, have switched tactics, and are now heavily pushing out a new ransomware called Locky. The current method of distribution is via a spam email, which contains a Word document. Additional reports state that it is being distributed via the Neutrino Exploit Kit.

Dodi Glenn, VP of Cyber Security at PC Pitstop, says, “If an individual opens the spam email, ignores the macro Word alert and clicks "enabled content", Locky will immediately scan the system for specific files, and encrypt or modify them so they can no longer be used - that is, unless a ransom is paid, which Locky’s current amount is .5 BTC, or the equivalent of $209.33. These file types are commonly found on end users’ machines, such as .doc, .csv, .pdf, .jpg, etc. However, what should be more concerning to enterprise customers is that it will also look for .SQL, .SQLiteDB, and .SQLite3 files, which are associated with databases. The transaction is all too familiar for many of the other types of ransomware out there. PC Matic users should know that this malware is blocked, and cannot be executed on machines protected with Super Shield.”

