Mimecast scans the URLs in every incoming and archived email, blocking access to websites that may be malicious. To help you avoid ransomware attacks, Mimecast Targeted Threat Protection includes services to block access to URLs and attachments that may contain Locky ransomware or other viruses. As an all-in-one service, Mimecast also provides protection against a broad range of other threats, including viruses, malware, phishing, spear-phishing and impersonation fraud. Mimecast's anti ransomware technology is available as a subscription service, enabling you to quickly implement defenses against Locky ransomware. There’s at least one good aspect to this development: Using a shared infrastructure provides a high-fidelity indicator of compromise that can be preemptively blocked to foil the delivery of multiple ransomware varieties.Mimecast offers SaaS-based solutions for email security, archiving and continuity that can detect ransomware and other email-borne attacks and prevent users from inadvertently launching them. This also serves to counter some of the claims that have been made about Locky “missing” from the threat landscape by showing that some threat actors, who choose a different set of tactics, techniques and procedures, are continuing to deliver this ransomware utility.” This connection pushes the narrative forward in yet another way as the Locky distribution in question was yet another example of that ransomware being paired with the Kovter trojan. “Locky, one of the flagships of the ransomware market, was delivered as a payload from this domain on Monday, January 30. “The most interesting finding was the reuse of affectionstop as part of the delivery process for another ransomware,” the researchers noted. Then, beginning on January 26, the email narratives and metadata used in these emails began to evidence similarity to phishing campaigns used to deliver the still-persistent Locky ransomware. A second variant indicated that the deposit of a refund had been failed after an order had been canceled.” The body of these emails explained that a financial transaction had been rejected and claimed that details about the failure could be found an attached document. “The phishing email subjects used random numbers to help elude some basic filters and leveraged business-related themes rather than explicit or racy narratives. “Following this early distribution, threat actors moved toward the mainstream in a major way,” said PhishMe researchers, in a blog. The first Sage delivery emails used a sexually explicit email to tempt potential victims into opening an attachment named “sindy_hot_2016_sex_party_in_the_club.zip”. Sage made notable appearances on the phishing threat landscape in the early days of 2017, according to PhishMe researchers. The similarity in delivery attributes and infrastructure is ultimately used in the distribution of distinct malware varieties with equal effectiveness for both. This also provides evidence of the commodity status for ransomware tools like these. Sage and Locky, two distinct pieces of ransomware, have been found to be using overlapping infrastructure-a reminder of how malware support and distribution infrastructure is frequently reused.Īccording to PhishMe, the distribution of Locky and Sage from one singular location also indicates that threat actors are leveraging new ransomware varieties such as Sage, while continuing to use the reliable standby tools like Locky.
0 kommentar(er)
