Flood of Email Viruses - Including Locky Ransomware
The Locky ransomware virus and other malware threats are hitting hard this month. During the first week of March, we saw over 40x the average number of daily malware-related emails. That’s a
If you open the attachment (don’t), the macro's hidden code downloads a second file (the one with the malware) and runs it on your system. The malware encrypts most of the data on your hard drive, rendering it useless without an encryption key. It also encrypts files on a connected shared file server. It then displays a page on your monitor demanding that you pay a ransom to unlock your files.
Antivirus Hardware and Software Cannot Protect You
Traditional antivirus strategies cannot protect you from these email-based threats. Whether hardware- or software-based, they have two inherent weaknesses against these kinds of attacks. For one, traditional antivirus only looks at the payload (e.g., the downloaded file in this case) to determine if it is malicious. And it can only examine email coming into your own server, which misses a lot of the information a global service can analyze.
Also, antivirus programs can only recognize new threats after downloading the latest signature information, which can take hours or days. But the payloads change faster than that, so by the time your antivirus software can identify the threat, it is too late.
Premium Hosted Antispam Provides Best Zero-Hour Protection
Hosted (cloud-based) antispam services have a global view and can analyze far more information than traditional antivirus. Also, they can update their virus signatures globally almost instantly, much faster than installed software and almost all appliance-based systems.
SpamStopsHere, a premium hosted service, provides zero-hour email-based threat protection (in addition to 99.5% spam blocking with < 0.001% false positives). Our proprietary signature analysis goes far beyond what typical antivirus systems use. We not only scan email attachments, but we also analyze global email traffic patterns and the entire delivery mechanism, like figuring out how the scammer is trying to infect the user. We also update our global virus signature information instantly for zero-hour protection.
Another advantage is that our global view helps us protect all of our customers, even if they don't all get hit at once. This campaign seems to be targeting only some email domains at a time. If you're relying on installed antivirus or even antispam, you would have no way of knowing about threats affecting other companies until you get hit, or at least until you download the latest updates, which is often far too late. By contrast, once we identify a threat hitting even just one email domain, we can block that same threat and variations on it for all of our global customers instantly.
Train and Re-Train Your Coworkers
We can't emphasize this enough. Even the best antispam / antivirus systems cannot block 100% of threats all the time. You should train your staff to use common sense with email, just as they would with any other business interaction. Don't assume that anything is safe. For example, don't click on links in emails (for example, to "verify" accounts). Don't agree to a wire transfer request in an email just because it looks like it came from your CEO. And NEVER preview or open an attachment in an email.