Ransomware is quickly becoming a mainstream form of malware, according to the Clearwater, Fla.-based cybersecurity firm KnowBe4, and one driving factor is the significant amount of cash being racked up by the notorious Dridex banking Trojan gang with its new Locky strain.

Locky was linked to the Russian Dridex gang by IT security companies Proofpoint and Palo Alto Networks as the most prominent form of operating banking malware, replacing former frontrunner CryptoWall.

While no more sophisticated than other forms of crypto-ransom malware, the Dridex Locky ransomware strain is spreading to victims' systems rapidly. Forbes claimed Locky infects approximately 90,000 systems per day (more than one per second) and typically asks users for 0.5-1 Bitcoin (or $420) to unlock their systems.

Over the past few days, the Dridex botnet sent at least four million phishing emails with a zip file as the attachment, which contains a JavaScript file that downloads and installs Locky, according to KnowBe4.

“Ransomware is seeing unprecedented growth with cyber-gangs competing for criminal market share,” KnowBe4 CEO Stu Sjouwerman said. “This competition spurred furious innovation in strategy and tactics, and we see ransomware taking the lead in criminal business models. It is not going to get easier. The only way around these tactics is to recognize the red flags and inoculate employees with effective security awareness training and simulated phishing tests.”

Locky, which spreads through phishing emails containing Microsoft Word attachments, reportedly uniquely hashes each binary. Consequently, signature-based detection by a traditional antivirus product is nearly impossible, according to KnowBe4.

The firm offered the following tips to fight Locky:

  • Block all emails with .zip attachments and/or macros at the email gateway level.
  • If possible, disable vehicles used as attack vectors such as Adobe Flash Player, Java and Silverlight.
  • Give all employees effective security awareness training so they can recognize the red flags related to ransomware attacks.
  • Conduct a phishing security test on users to find out if they will click on something they should not.

Breaches linked to third-party vendors are also continuing to threaten businesses.

For example, American Express wrote to some card members warning of a data compromise by a third-party provider. In a letter published on the California attorney general's site on March 10, the card firm said it became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system. The breach, which happened in December 2013, exposed account numbers, names and other information, such as expiration dates.

“It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure,” the letter read.

Kurt Stammberger, chief marketing officer for the San Mateo, Calif.-based cybersecurity firm Fortscale, said, “Partner failures, like the one American Express just experienced, are one of the fastest-growing types of cybersecurity breaches, and it's a primary focus of our research. Look, the truth is, companies like Amex are really, really good at security, they are basically security Jedi. But when you're operating a modern multinational corporation like American Express, it's almost impossible to make sure that all your thousands of partner organizations and service providers are taking security as seriously as you do. It's a huge problem.”


Roy Urrico

Roy W. Urrico specializes in articles about financial technology and services for Credit Union Times, as well as ghostwriting, copywriting, and case studies. He has also been writer/editor of a semi-annual newsletter for the Association for Financial Technology since 1997 and of history projects funded by the U.S. Interior Department, National Park Service and Warren County (N.Y.).