Locky Ransomware Attack in Israel Unsuccessful, Lesson to be Learned

ReSec Technologies and IronScales stopped a Locky ransomware attack. The two companies worked together and blocked the attack on one of Israel’s largest defense companies before an infection could take place.

“This attack was meticulously planned by professionals for some time now. However, once it was flagged by an IronScales user, we disarmed it,” stated the CEO and Co-founder of ReSec, Dotan Bar Noy. “Our client’s preparation and internal security policies, as well as integration between ReSec and IronScales, kept the organization secure and prevented the potential encryption of extremely sensitive information.”

The malicious attack targeted one of the company’s domain administrators. Had such an attack succeeded, it could have caused widespread damage across the company. The attack was intended to start by encrypting the files of a specific individual and go from there.

“The combination of ReSec’s malware detection and disarming capabilities and IronScales’ real-time detection and mitigation of ongoing phishing attacks reported both internally and across organizations, results in the best-of-breed, actionable intelligence currently available out there,” said the CEO and founder of IronScales, Eyal Benishti. “We are thrilled to combine forces with ReSec in this fight against cyber-criminals.”

Usually, a Locky ransomware attack is delivered via an email-attached document that asks the user to enable macros. As soon as the macros are enabled, the macro code saves a file to disk and runs it without the user's knowledge, delivering the payload, the Locky ransomware. Locky then starts to encrypt all files with specific extensions, such as videos, Microsoft Office documents, source code, and/or images. In addition, Locky removes snapshot service files, destroying Windows live backups.
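The chain described above (Office document, dropped executable, snapshot removal) can be matched in process-creation telemetry. The following detection sketch is an added example, not code from ReSec or IronScales; the event tuples are constructed, and the `vssadmin`/`wmic` command lines are an assumption about how snapshot removal shows up in logs.

```python
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
# Directories a macro can write to without elevation (assumed list)
USER_WRITABLE = re.compile(r"\\(appdata|temp|users\\public)\\", re.I)
# Command lines that delete Volume Shadow Copy snapshots
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|shadowcopy\s+delete", re.I)

# Constructed process-creation events: (pid, parent pid, image path, command line)
EVENTS = [
    (100, 1, r"C:\Program Files\Microsoft Office\WINWORD.EXE", r'WINWORD.EXE "invoice.docm"'),
    (200, 100, r"C:\Users\alice\AppData\Local\Temp\svch.exe", r"svch.exe"),
    (300, 200, r"C:\Windows\System32\vssadmin.exe", r"vssadmin.exe Delete Shadows /All /Quiet"),
    (400, 1, r"C:\Program Files\Microsoft Office\EXCEL.EXE", r'EXCEL.EXE "budget.xlsx"'),
    (500, 1, r"C:\Windows\System32\vssadmin.exe", r"vssadmin.exe List Shadows"),
]

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def detect(events):
    """Return (pid, rule) alerts for the macro-drop and snapshot-removal stages."""
    images = {}      # pid -> image path, to resolve each event's parent
    tainted = set()  # pids descended from an Office-dropped executable
    alerts = []
    for pid, ppid, image, cmd in events:
        images[pid] = image
        parent = basename(images.get(ppid, ""))
        if parent in OFFICE and USER_WRITABLE.search(image):
            tainted.add(pid)
            alerts.append((pid, "office_spawned_user_writable_exe"))
        elif ppid in tainted:
            tainted.add(pid)  # propagate taint down the process tree
        if SHADOW_DELETE.search(cmd):
            rule = "shadow_delete_after_macro_drop" if pid in tainted else "shadow_delete"
            alerts.append((pid, rule))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

Correlating the two stages through the process tree keeps routine administrative use of `vssadmin` (such as listing snapshots) from raising the high-severity rule.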

Locky is also able to encrypt files regardless of operating system – Windows, OS X or Linux. This ransomware is not limited to a single end-user station: it will encrypt any removable drive or network share it can access, such as servers and other equipment.

Had Locky succeeded, it would have demanded a ransom to unlock the files, placing the organization in a very delicate situation – pay, lose access to extremely sensitive information, and/or have the Locky perpetrator decrypt the information for later sale.

“As one of Israel’s largest defense system manufacturers and developers, employee awareness training is a routine part of our cyber security procedures,” stated Rami W., the organization’s CISO.

“The employee had a minor suspicion that caused him to act as required, activating the IronScales solution by using the built-in phishing report button. That action snatched the email and sent it to the ReSec platform that was able to send back a clean version of the file without the risk and identify the threat. The IronScales solution, in turn, initiated an immediate mitigation process to make sure the malicious attachment no longer resided in other employees’ mailboxes. This is a perfect example of when a complete circle of protection worked.”

The combined offering of IronScales and ReSec allows organizations to fight known and unknown threats. The ReSec platform’s disarming and detection capabilities are now complemented by IronScales’ human-based intrusion prevention system. The IronScales solution, in turn, enhances detection and prevention of zero-day threats from phishing attacks by using crowd wisdom as live sensors that use context to detect unknown malware carried by malicious emails.
