eScan observes new variants of Locky Ransomware

To proliferate ransomware, cyber criminals often employ spam emails (infectious attachments), unofficial software download sources, trojans, and fake software updates. eScan’s research team has found out that there are two new variants of Locky Ransomware which add .diablo6 or .lukitus as file extensions to the encrypted files. For past few months Locky had gone dark but now in past couple of days, it has reared its ugly head. Locky was one of the most prominent of the Ransomware family and with the recent spam campaign, it has again proved that unless and until the creators of the dreaded Ransomware are not apprehended, it would keep on wreaking havoc. Spam emails might contain attachments (for example, JavaScript files, MS Office documents, etc.) designed to download/install malware.

Once infected it contacts its Command and Control (CnC) server and sends across the encryption keys which are important for successfully decrypting the files once the ransom has been paid. Unlike Wannacry Ransomware, there does not exist a Kill Switch Domain in Locky. WannaCry used the Eternal Blue exploit to propagate, it called back to a non-existent domain and this flaw was exploited by researchers to stop WannaCry dead in its track. However, with Locky this cannot be done.

Law Enforcement Agencies and Security Researchers may try to gain access to the CnC and provide the decryption keys as they have done this in the past. eScan PBAE detects and blocks these attempts by Locky Ransomware. (https://www.escanav.com/en/about-us/PBAE-technology.asp)

Locky File Extensions
Locky, after encrypting the files, changes the extension to one of the below mentioned:
• Diablo6
• Lukitus

Prevention Measures:
• Administrators should block all executable files from being transmitted via emails.
• Administrators should isolate the affected system in the Network.
• Administrator can restore the encrypted files from the backup or from system restore point (if enabled) for affected systems.
• Install and Configure eScan with all security modules active.
eScan Real Time Monitoring
eScan Proactive protection
eScan Firewall IDS/IPS Intrusion prevention

• Users shouldn’t enable macros in documents.
• Organizations should deploy and maintain a backup solution.
• Most important, Organizations should implement MailScan at the Gateway Level for mail servers, to contain the spread of suspicious attachments.

About eScan:

eScan is an ISO (27001) certified pure play enterprise security solution company with over 2 decades of expertise in developing IT security solutions. eScan today has a presence in 12 countries through its offices and subsidiaries. It also boasts of a robust channel partner network of more than 50, 000 partners spread across 190 countries worldwide. It is trusted by more than 6,500 enterprise and corporate users spread across various industry segments such as Government, BFSI, Education, Defense, Telecom, IT & ITeS, Infrastructure, Hospitality, and Healthcare worldwide.

It is powered by some of the latest and innovative technologies, such as Proactive Behavioral Analysis Engine (PBAE) Technology, MicroWorld Winsock Layer (MWL) Technology, Domain & IP Reputation Check (DIRC) Technology, Non-Intrusive Learning Pattern (NILP) Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provide protection from current threats, but also provides proactive protection against the ever-evolving cyber threats. eScan provides 24x7 free remote support facility to help its esteemed users to provide real-time solutions for security related issues.

For more information, visit www.escanav.com

39555 Orchard Hill Place, Suite 600
Novi, MI 48375

This release was published on openPR.