A ransomware campaign launched on September 18th, 2017 features a new phishing technique that tricks users into opening what looks like a scanned document from an internal printer. The technique delivers ransomware that experts at Comodo Threat Research Lab have dubbed “IKARUS”. Don’t let the new name fool you, however: IKARUS is the third generation of the already widespread Locky ransomware. The key is that this variant of Locky works through an email attachment. The hacker sends the user an email disguised as printer output, which contains a script inside an archived file. This alone may not be enough for the malicious email to register as a phishing attempt. In fact, this new delivery channel will bypass some of the defensive/technical controls that businesses currently have in place, making it extremely hard to catch before a user has been exploited.
This story is another example of the ongoing war between offensive and defensive cyber tactics. Defensive techniques for the first two versions of Locky had been developed and dispersed, so a new attack method has been adopted. This is important to keep in mind, and it re-emphasizes the importance of security awareness training for employees. A technical control may not recognize that a user did not scan a document from an internal printer, but a user would know that. Therefore, it is important that end users are trained to recognize abnormal activity and respond accordingly.
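As a technical complement to user training, a mail gateway can look inside archive attachments for script files, which is the delivery pattern described above. The following is an added example, not code from Comodo or GraVoc; the ZIP format, the extension list, the function names and the sample message are assumptions, since the article does not name the archive or script type.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions Windows will execute as scripts; the article names none.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".bat", ".cmd"}
MAX_NESTED_BYTES = 10_000_000  # do not unpack oversized nested archives

def scripts_in_zip(data, depth=0, max_depth=2):
    """Return names of script files in a ZIP, descending into nested ZIPs."""
    hits = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits
    with zf:
        for info in zf.infolist():
            ext = os.path.splitext(info.filename.lower())[1]
            encrypted = bool(info.flag_bits & 0x1)
            if ext in SCRIPT_EXTS:
                hits.append(info.filename)
            elif (ext == ".zip" and depth < max_depth and not encrypted
                  and info.file_size < MAX_NESTED_BYTES):
                hits += scripts_in_zip(zf.read(info), depth + 1, max_depth)
    return hits

def scan_message(raw):
    """Map each ZIP attachment's file name to the script files found inside it."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload[:4] == b"PK\x03\x04":  # identify ZIP by magic bytes, not by name
            hits = scripts_in_zip(payload)
            if hits:
                findings[part.get_filename() or "(unnamed)"] = hits
    return findings

def build_sample(inner_name, inner_body):
    """Constructed test message: harmless text, zipped and attached."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(inner_name, inner_body)
    msg = EmailMessage()
    msg["From"], msg["Subject"] = "scanner@example.com", "Scanned document"
    msg.set_content("Please find the scanned document attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="scan_0001.zip")
    return msg.as_bytes()
```

A hit is a reason to quarantine the message for review, not proof of ransomware; legitimate senders occasionally zip scripts too.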
For more information about the Locky ransomware or to speak with a GraVoc employee about the security of your business, contact us below.