New Locky-Variant Ransomware: What MSPs and MSSPs Need to Know

Posted August 17, 2017 by Meaghan Moraes


As an IT professional, you know how relentless ransomware attacks have become in today’s landscape. Recently, a variant of the notorious Locky ransomware has become part of a large-scale email-based campaign managing to slip past the defenses of some unsuspecting companies.

On August 9, the first campaign of a massive, worldwide ransomware attack was detected, and 62,000 phishing emails related to the attack have been identified as of last week. This new Locky variant continues to unfold, powered from more than 11,625 distinct IP addresses in 133 different countries (the top five being Vietnam, India, Mexico, Turkey and Indonesia). As an MSP, here’s what you need to know about this new Locky-variant ransomware and how you can keep yourself and your clients protected against it.

Looking Out for Locky

Locky is a common type of ransomware that emerged in 2016 and has since been utilized in a wide range of cyber attacks. However, this new variant is one we have not seen before. So, how exactly does this variant work and what should MSPs be aware of from a cybersecurity standpoint?

The main way this Locky variant spreads is through social engineering. Through phishing emails, users are tricked or induced into opening a docx, pdf, jpg, zip or other file containing the ransomware, which is called “IKARUSdilapidated” after a phrase that appears in the code string. If the user follows through and opens the attached file, the ransomware then takes over.

From here, all files that match particular extensions are encrypted, and their filenames are converted to a unique 16-character combination of letters and numbers with the .locky file extension. After the files are completely encrypted, users are given instructions for downloading a Tor browser and are directed to a site on the dark web where the cyber criminals demand a ransom payment of up to one bitcoin (which equates to over $4,000).
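The rename behavior described above gives defenders a file-activity signal to watch for. The following Python is an added example, not part of the original post: it flags a host when several files are renamed to the 16-character `.locky` shape within a short window. The log format, host names, threshold and window are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Filename shape from the article: 16 letters/digits followed by ".locky".
LOCKY_NAME = re.compile(r"^[A-Za-z0-9]{16}\.locky$", re.IGNORECASE)

# Assumed log format (constructed for this example):
#   <ISO timestamp> <host> RENAME <old path> -> <new path>
EVENT = re.compile(r"^(\S+) (\S+) RENAME (.+) -> (.+)$")

def basename(path):
    # Handle both Windows and POSIX path separators.
    return re.split(r"[\\/]", path)[-1]

def detect_mass_rename(lines, threshold=3, window=timedelta(seconds=60)):
    """Map each alerting host to the time its `threshold`-th matching
    rename landed inside `window`. One odd filename never alerts."""
    recent = defaultdict(deque)
    alerts = {}
    for line in lines:
        m = EVENT.match(line.strip())
        if not m:
            continue  # malformed or unrelated line
        ts, host, _old, new = m.groups()
        if not LOCKY_NAME.match(basename(new)):
            continue  # ordinary rename, or ".locky" without the 16-char stem
        when = datetime.fromisoformat(ts)
        q = recent[host]
        q.append(when)
        while when - q[0] > window:
            q.popleft()  # drop renames that fell out of the window
        if len(q) >= threshold and host not in alerts:
            alerts[host] = when
    return alerts

# Constructed sample events (hypothetical hosts and paths).
SAMPLE_LOG = """\
2017-08-17T09:00:01 ws-014 RENAME C:\\Users\\amy\\Docs\\budget.xlsx -> C:\\Users\\amy\\Docs\\A1B2C3D4E5F6A7B8.locky
2017-08-17T09:00:02 ws-014 RENAME C:\\Users\\amy\\Docs\\notes.docx -> C:\\Users\\amy\\Docs\\0F9E8D7C6B5A4F3E.locky
2017-08-17T09:00:03 ws-022 RENAME C:\\Temp\\draft.txt -> C:\\Temp\\draft-final.txt
2017-08-17T09:00:04 ws-014 RENAME C:\\Users\\amy\\Pics\\team.jpg -> C:\\Users\\amy\\Pics\\9A8B7C6D5E4F3A2B.locky
2017-08-17T09:05:00 ws-022 RENAME C:\\Temp\\a.txt -> C:\\Temp\\backup.locky
""".splitlines()

if __name__ == "__main__":
    for host, when in detect_mass_rename(SAMPLE_LOG).items():
        print(f"ALERT {host}: burst of .locky renames at {when.isoformat()}")
```

An alert from a rule like this is a cue to isolate the host and check backups, since by the time renames appear, encryption is already under way.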

Many endpoint protection solutions have been updated to detect Locky ransomware; however, this variant is able to slip past certain tools because it is so new. As a new ransomware variant, it is read as an “unknown file” and is allowed entry by organizations not using a “default-deny” security posture (which denies entry to all unknown files until it is verified that they are safe to enter the IT infrastructure), making it more difficult to detect and remediate.

On the Pulse of Ransomware as an MSP or MSSP

For MSPs offering security services to small- and medium-sized businesses (SMBs), or those looking to make the transition to MSSP, it is vital that you properly educate your clients and provide the right tools to minimize the serious risk at hand. While antivirus and firewalls are incredibly effective in reducing risk, your clients need a more robust security solution in place to defend against the increasingly dangerous threat landscape. For this particular type of ransomware attack, an effective security posture is needed to detect and respond to threats, as well as block all unknown files from the IT infrastructure until they are verified as safe.

Unfortunately, no matter how strong the security solutions, attacks will continue to slip through the cracks. Therefore, MSPs and MSSPs who are looking to fully protect their clients must implement a proper, reliable backup and disaster recovery (BDR) solution with online and offline backup solutions as the ultimate failsafe against successful attacks.

Continuum Partners: Webroot already protects against these attacks. Additionally, they use real-time anti-phishing capabilities to protect against initial phishing emails and phishing sites. Should you have any further questions about ensuring protection against this new variant, you can get in touch with us here.

 


Meaghan Moraes is a Content Marketing Manager at Continuum, focusing on inbound and content marketing efforts surrounding cybersecurity and threat management. With several years of agency and tech marketing experience, Meaghan specializes in driving leads and conversion with her strategic and creative digital marketing content. In her spare time, she enjoys writing poetry, playing the piano, boxing, and exploring Boston’s best restaurants.
