Deadly Dridex Cybercrime Gang Has Just Moved Into Ransomware

Stu Sjouwerman | Mar 14, 2016

One thing that is driving mainstream recognition of ransomware is the move by the Dridex banking Trojan gang into ransomware with their Locky strain. They have taken over from CryptoWall, which from their perspective is just an upstart. Locky was linked to the notorious Dridex gang by both Palo Alto Networks and Proofpoint. The Russian Dridex criminal group is the most prominent group operating banking malware.

The Dridex Locky ransomware strain isn't more sophisticated than other latest-generation crypto-ransom malware, but it is spreading to victim systems rapidly. Forbes claims that Locky is infecting approximately 90,000 systems per day and that it typically asks users for 0.5-1 Bitcoin (~420 dollars) to unlock their systems. Locky is disseminated through spam emails containing Microsoft Word attachments. Each Locky binary is reportedly uniquely hashed; consequently, signature-based detection is basically impossible.

The Dridex gang is the 800-pound gorilla in banking Trojans. Apparently they have seen the profit potential of ransomware and leveraged their extensive criminal infrastructure to get their Locky strain infecting as many machines as possible. Consequently, financial institutions are likely the next major sector to be actively targeted. The FBI just stated that the threat from ransomware is expected to grow this year.

Over the last few days, the Dridex botnet has sent at least 4 million phishing emails with a zip file as the attachment. The zip file contains a JavaScript file which downloads and installs Locky.

Five Things To Do About It

  1. Block any and all emails with .zip extensions and/or macros at your email gateway level.
  2. Disable Adobe Flash Player, Java and Silverlight if possible. These are used as attack vectors.
  3. Step all employees through effective security awareness training, so they can recognize the red flags related to ransomware attacks.
  4. Print out this handy infographic of 22 social engineering red flags to watch out for, laminate it, and hand it out to employees so they can pin it on their wall.
  5. Do a Phishing Security Test on your users and find out if they are going to click on something they shouldn't. Get started here:

Get My Free Phishing Security Test Now!
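As an added illustration of step 1 (this is example code, not code from the post or from KnowBe4), here is a small Python check that flags the attachment types the post describes: zip files, especially ones carrying a script such as the JavaScript dropper, and macro-enabled Office documents. The extension lists and the sample mail are assumptions constructed for the example.

```python
import email
import io
import zipfile
from email.message import EmailMessage

# Extensions the post's gateway advice targets (assumed lists, extend as needed):
# scripts inside .zip droppers and macro-enabled Office documents.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".vbe", ".hta")
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".xltm", ".pptm")


def risky_attachments(raw_message: bytes) -> list:
    """Return (filename, reason) pairs for attachments the gateway rule would block."""
    findings = []
    for part in email.message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue  # body text or inline parts without a filename
        lower = name.lower()
        if lower.endswith(MACRO_EXTS):
            findings.append((name, "macro-enabled Office document"))
        elif lower.endswith(".zip"):
            data = part.get_payload(decode=True) or b""
            try:
                with zipfile.ZipFile(io.BytesIO(data)) as zf:
                    scripts = [m for m in zf.namelist() if m.lower().endswith(SCRIPT_EXTS)]
            except zipfile.BadZipFile:
                findings.append((name, "zip that does not parse"))
                continue
            reason = "zip containing script: " + ", ".join(scripts) if scripts else "zip attachment"
            findings.append((name, reason))
    return findings


def build_sample() -> bytes:
    """Constructed sample: a lure mail with a zip holding a .js file, the Locky pattern."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_8841.js", "// constructed placeholder, not a dropper\n")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Invoice attached"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice_8841.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(risky_attachments(build_sample()))
```

Legacy binary .doc and .xls files can also carry macros but need OLE parsing to tell, so a real gateway rule would inspect those separately rather than rely on the extension alone.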
