Ransomware is still frightening. Compared with last year, the number of new ransomware families fell by 26%, and Trend Micro analysts found only a 3% increase in overall ransomware activity during the first half of 2018. That is good news, and at least part of it can be attributed to security solutions that have made ransomware attacks harder to pull off. Unfortunately, not every organization deploys the best security solutions, leaving gaps that older ransomware can still exploit, while new ransomware has to evolve to get past the defenses that do work.
One new kid on the block, PyLocky, is rather impressive. Written in Python, PyLocky looks and behaves much like the older Locky ransomware. Unlike Locky, though, it has slipped past security solutions that rely on machine learning, just like a ghost. It does so by bundling its Python payload with two open-source packagers, the Inno Setup installer and PyInstaller, a trick also used by some variants of the Cerber ransomware. Wrapping the payload in two layers of installer makes the file look like an ordinary packaged application and makes static analysis of the Python code harder, buying the malware time to run before it is caught. The technique is not groundbreaking, but it is enough to fool advanced security solutions.
PyLocky is delivered through a spam email campaign that relies on social engineering, in this case phishing. If the user falls for the lure and clicks the link in the email, the browser is sent to a malicious URL that serves the PyLocky installer. Once running, PyLocky uses Windows Management Instrumentation (WMI) to inspect the properties of the machine it has landed on, then runs its encryption routine against a hardcoded list of file extensions, and finally connects to its command-and-control (C&C) server. The result is that PyLocky can encrypt your data before anything has flagged it.
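The weak point in that chain, from a defender's view, is the encryption step itself: a document that has been encrypted in place stops looking like a document. The script below is an added example written for this post, not code from PyLocky or from Trend Micro's analysis. It walks a directory tree, looks only at a watched set of document extensions (an assumed, illustrative list, not the sample's real hardcoded one), and flags files whose bytes have ciphertext-like entropy. Formats that are compressed when healthy (PDF, Office, JPEG) are high-entropy anyway, so for those it checks the file header instead of entropy alone, which is the caveat a naive entropy scanner misses. The sample files it builds are constructed test data.

```python
import math
import os
import random
import tempfile
from collections import Counter
from pathlib import Path

# Assumed, illustrative set of document types to watch; the real sample's
# hardcoded extension list is longer and is not reproduced here.
WATCHED_EXTENSIONS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg"}

# Expected leading bytes for formats that are compressed or binary when healthy.
# These are high-entropy even when untouched, so they are judged by their
# header rather than by entropy alone.
KNOWN_MAGIC = {
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".jpg": b"\xff\xd8\xff",
}

ENTROPY_THRESHOLD = 7.5   # bits per byte; plaintext documents sit far below this
SAMPLE_BYTES = 65536      # only the head of each file is read


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte. Ciphertext and compressed data approach 8.0."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def looks_encrypted(path: Path) -> bool:
    """True when a watched file no longer resembles its own format."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if len(head) < 256:
        return False                      # too small to judge; skip empty/tiny files
    magic = KNOWN_MAGIC.get(path.suffix.lower())
    if magic is not None:
        # A healthy PDF/Office/JPEG keeps its header; in-place encryption destroys it.
        return not head.startswith(magic) and shannon_entropy(head) >= ENTROPY_THRESHOLD
    return shannon_entropy(head) >= ENTROPY_THRESHOLD


def scan_tree(root):
    """Return (flagged paths, number of watched files examined) under root."""
    flagged, examined = [], 0
    for dirpath, _, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            if p.suffix.lower() not in WATCHED_EXTENSIONS:
                continue
            examined += 1
            if looks_encrypted(p):
                flagged.append(p)
    return sorted(flagged), examined


def assess(root, alert_fraction: float = 0.25) -> dict:
    """Alert when a large share of watched files look encrypted, not on a single hit."""
    flagged, examined = scan_tree(root)
    fraction = len(flagged) / examined if examined else 0.0
    return {"flagged": [p.name for p in flagged], "examined": examined,
            "fraction": fraction, "alert": fraction >= alert_fraction}


def build_sample_tree() -> str:
    """Constructed test data: healthy documents plus two that have been 'encrypted'."""
    rng = random.Random(1337)             # deterministic stand-in for ciphertext
    root = tempfile.mkdtemp(prefix="pylocky-demo-")
    docs = Path(root) / "Documents"
    docs.mkdir()
    prose = b"Quarterly report: revenue up, costs flat, headcount steady. " * 80
    (docs / "report.txt").write_bytes(prose)                                  # healthy text
    (docs / "invoice.pdf").write_bytes(b"%PDF-1.4\n" + prose)                  # healthy PDF
    (docs / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0" + rng.randbytes(4096))  # healthy, compressed
    (docs / "budget.xlsx").write_bytes(rng.randbytes(4096))                   # header gone: encrypted
    (docs / "notes.txt").write_bytes(rng.randbytes(4096))                     # encrypted
    (docs / "tool.py").write_bytes(rng.randbytes(4096))                       # not a watched type
    return root


if __name__ == "__main__":
    print(assess(build_sample_tree()))
```

Run against the constructed tree it reports two flagged files out of five examined and raises the alert; the healthy JPEG is left alone because its header is intact even though its body is random. The alert is tied to the fraction of affected files rather than a single hit because one odd file is normal and dozens changing at once is the ransomware signal; in practice this check would run on a schedule against file shares or as a post-write hook, and a single-file false positive on an unusual format is cheap compared with a missed outbreak.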
The best defense against malware like this is a multi-layered one: regular backups, security awareness training, and email scanning at the endpoint should work together against these hauntings. With a current backup, a single rollback to an uninfected copy resolves the immediate ransomware problem; keep at least one copy offline or otherwise out of reach of the infected host, because ransomware will encrypt any backup it can reach. Endpoint email scanners can block messages from known bad senders before they reach the inbox. And educating the workforce in cybersecurity best practices minimizes the chance that a malicious link gets clicked in the first place. Managed Service Providers such as CHR have the experience to provide a multi-layered, turnkey cybersecurity service and to work with the different vendors involved. Just think of us as your personal Ghost Busters.