You’ve probably heard countless terms relating to cybersecurity, but here we are going to focus on just one: attack surface. An “attack surface” is simply the number of possible ways an attacker can get into a device or network and extract data. It’s an especially important measurement for SMBs because most think they are too small to be a target, but a quick look at their attack surface shows that it is in fact quite large, increasing their exposure to risk.
Endpoints are an easy target for hackers, so it’s essential that small businesses protect themselves. Connected employees, vulnerable software and weak antivirus all contribute to this being a favorite target of hackers. And, as the list below details, there are many types of cyberattacks that target endpoints, from phishing to malvertising.
It’s the review we always welcome: AV-Comparatives conducts independent tests throughout the year to take a hard look at 21 security products for Windows, putting them through rigorous testing that examines their ability to 1) protect against real-world internet threat, 2) identify thousands of recent malicious programs, 3) provide protection without slowing down the PC, and finally, 4) remove malware that has already infected a PC.
Cybersecurity is a major concern in today’s world, both at the corporate and personal levels. Our computers, our handheld devices, and our smart home and IoT products are vulnerable to a variety of attacks. In 2017 alone, Avast blocked 35 billion security attacks against PCs and 208 million against Android mobile devices. What was one of the biggest security threats? Ransomware.
Cyberattacks are continuing to increase in number and severity every year, and 2018 will be no exception. We believe that many of the threats we observed in 2017 will, unfortunately, appear in evolved forms this year to continue threatening our busines…
In 2017, Avast blocked more than 122 million WannaCry attacks, the infamous ransomware that caused tears to be shed around the globe. That attack, along with the Petna and Bad Rabbit ransomware attacks, cost consumers and businesses around the world more than 5 billion dollars. Without a doubt, ransomware was the year’s biggest threat. And this terrible trend will unfortunately continue rising in 2018.
Ransomware has been a hot topic recently. The latest PC ransomware, Locky, made its rounds in late February and multiple hospitals were infected with ransomware, which forced an online shutdown. Not only is ransomware continually attacking PCs, but thi…
Locky is a considerable security threat that is now widely spread.
It seems that Locky’s authors are now predominately using one campaign to spread the ransomware. Last week, we published a blog post about Locky Ransomware, the ransomware that is most likely being spread by the infamous Dridex botnet. In our last blog post, we described three campaigns the Locky authors are using to spread their malware. Now Locky’s authors are mainly using the campaign with javascript packed into a zip file sent to people through phishing emails.
Today, we bring you a deep look into the latest ransomware called Locky. This new file encryptor, targeting PC users, has most likely been created by authors of the well-known Dridex botnet and is spread the same way.
Locky uses all “top class” features, such as a domain generation algorithm, custom encrypted communication, TOR/BitCoin payment, strong RSA-2048+AES-128 file encryption and can encrypt over 160 different file types, including virtual disks, source codes and databases.
We monitored the Locky family this past month and discovered a second variant of the malware, which has new features and program code improvements. Locky’s authors added a new hard-coded seed to the domain generation algorithm, which allows them to deactivate Locky on Russian PCs.
Infection vector
Locky is spreading via spam email campaigns that are similar to those used by the Dridex botnet. They use similar file names, obfuscation, email content and structure of download URLs.
We have observed three different campaign versions of Locky and have described them below.
Below is an example of one of the spam emails. The emails are designed to make people believe they were sent from large companies such as Nordstrom, Symantec and Crown Holdings.
The recent ransomware attack on the Hollywood Presbyterian Medical Center in Los Angeles has spooked the healthcare community. Hackers installed *ransomware in the hospital computer system and held patient records hostage while demanding payment. The hospital eventually paid $17,000 to have their files unlocked. Attacks on major insurance and healthcare systems last year including Excellus […]