Ransomware Alert - Diablo and Lukitus Variants of Locky Malware
One of the most prominent ransomware families has returned in the form of a new email spam campaign that is once again infecting systems worldwide with file-encrypting malware.
Known as "Locky", this ransomware has recently been detected using a new file extension called Diablo6.
Another observed variant adds the extension "Lukitus" to encrypted files.
Both of these variants are being distributed through spam emails. These emails include PDF attachments that have embedded .DOCM files. If the file is downloaded and the request to enable macros is accepted, the malware will encrypt the computer's files and demand a ransom in exchange for a private key from the attackers.
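The delivery chain described above (a PDF carrying an embedded .DOCM) can be screened for at the mail gateway. The following is an added example, not Envision's tooling: a heuristic Python check over raw attachment bytes. The function names, the verdict labels, the extra macro-enabled extensions beyond .docm, and the sample byte strings are all assumptions constructed for illustration.

```python
import re

# The alert names .docm; the other macro-enabled Office extensions are added here.
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".pptm")

def _decode_name_escapes(data: bytes) -> bytes:
    """Undo PDF name escapes (#45 -> E) so /#45mbeddedFile cannot hide the marker."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)

def _literal_strings(data: bytes):
    """Yield simple literal strings such as (invoice.docm), decoded to text."""
    for m in re.finditer(rb"\(([^()\\]{1,255})\)", data):
        raw = m.group(1)
        if raw.startswith(b"\xfe\xff"):           # UTF-16BE text string with BOM
            yield raw[2:].decode("utf-16-be", errors="ignore")
        else:
            yield raw.decode("latin-1")

def triage_pdf(data: bytes) -> dict:
    """Heuristic verdict for one attachment: block, review, pass or not_pdf."""
    if b"%PDF-" not in data[:1024]:
        return {"verdict": "not_pdf", "has_embedded_file": False, "macro_names": []}
    has_embedded = b"/EmbeddedFile" in _decode_name_escapes(data)
    names = sorted({s.strip() for s in _literal_strings(data)
                    if s.strip().lower().endswith(MACRO_EXTS)})
    if has_embedded and names:
        verdict = "block"      # embedded payload with a macro-enabled file name
    elif has_embedded or names:
        verdict = "review"     # name may sit in a compressed object stream
    else:
        verdict = "pass"       # nothing visible; not proof the file is clean
    return {"verdict": verdict, "has_embedded_file": has_embedded, "macro_names": names}

# Constructed fragments (not real samples), just enough structure for the check.
SAMPLE_MALICIOUS = (b"%PDF-1.6\n1 0 obj\n<< /Type /Filespec /F (invoice_8812.docm) "
                    b"/EF << /F 2 0 R >> >>\nendobj\n2 0 obj\n<< /Type /#45mbeddedFile "
                    b"/Length 4 >>\nstream\nABCD\nendstream\nendobj\n%%EOF\n")
SAMPLE_OPAQUE = (b"%PDF-1.6\n1 0 obj\n<< /Type /EmbeddedFile /Length 4 >>\n"
                 b"stream\nABCD\nendstream\nendobj\n%%EOF\n")
SAMPLE_BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for label, blob in [("malicious", SAMPLE_MALICIOUS), ("opaque", SAMPLE_OPAQUE),
                        ("benign", SAMPLE_BENIGN)]:
        print(label, triage_pdf(blob))
```

Because file names written as hex strings or stored inside compressed object streams are not visible to a raw byte scan, a "pass" verdict only means nothing was found; route "review" results to a full PDF parser or sandbox.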
Envision is monitoring this virus for our Managed Services customers. However, keeping yourself out of the crosshairs requires addressing security from multiple vectors. Here are some common best practices to help prevent future attacks in your organization:
- Keep your patching up to date. While it’s not a guarantee, keeping your Windows patches up to date helps reduce the likelihood of your systems being affected.
- Back up your files. If you are affected, having your files backed up on a regular basis allows you to restore them from a time prior to being infected.
- Border security. Make sure that you have a firewall with border security services enabled, including filtering of malicious content (email and web) and IDS and IPS services.
- Diligence in end-user training. Ongoing training that keeps your end users aware of and diligent about these types of cyber-attacks helps round out your security posture. Most of these types of attack are initiated by opening an infected file.
Remember that if an infection does occur, unplug the affected device from the network (or power it down) as quickly as possible to reduce the likelihood of exposing any additional systems to the attack.
If you're concerned about your company's security or have questions about this latest threat, please contact an Envision security expert for assistance.