Ransomware Increase - Flood of Locky and Other Viruses

We're seeing a massive surge in malware this month, mainly attachments that download Locky and TeslaCrypt ransomware. These waves are so huge and changing so quickly that traditional antivirus leaves you vulnerable to critical email threats, sometimes for days. Only a hosted antispam service with rapid updates and advanced signature profiling can provide zero-hour protection.

Flood of Email Viruses - Including Locky Ransomware

The Locky ransomware virus and other malware threats are hitting hard this month. During the first week of March, we saw over 40x the average number of daily malware-related emails. That’s a 4000%+ increase in very dangerous threats!

Huge Increase in Daily Viruses Like Locky Ransomware

Most of these work by executing a macro (small program) inside a file attached to an incoming email. Previously, we saw the macros hidden within Word files. This week, we're seeing JavaScript inside attached ZIP files.

If you open the attachment (don’t), hidden code inside the macro downloads a second file (the one with the malware) and runs it on your system. The malware encrypts most of the data on your hard drive, rendering it useless without an encryption key. It also encrypts files on a connected shared file server. It then displays a page on your monitor demanding that you pay a ransom to unlock your files.
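As an added illustration (not code from the original article or from SpamStopsHere), the following Python shows how a mail filter could flag the two delivery formats described above: script files inside ZIP attachments and VBA macros inside Office documents. The extension list, function names and sample message are assumptions constructed for this example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy list: extensions Windows runs as script on double-click.
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta")

def inspect_zip(data, depth=0):
    """Reasons a ZIP (or OOXML Office file, also a ZIP) is risky. Legacy OLE .doc is not covered."""
    reasons = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return reasons  # not a ZIP container at all
    with zf:
        for info in zf.infolist():
            name = info.filename.lower()
            nested = name.endswith((".zip", ".docm")) and depth < 2  # bounded nesting
            if name.endswith(SCRIPT_EXTS):
                reasons.append(f"script in archive: {info.filename}")
            elif name.endswith("vbaproject.bin"):
                reasons.append("Office document contains VBA macros")
            elif nested and not info.flag_bits & 1 and info.file_size < 10_000_000:
                reasons += inspect_zip(zf.read(info), depth + 1)  # skip encrypted or huge members
    return reasons

def scan_message(raw):
    """Map attachment filename -> reasons; clean attachments are omitted."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        reasons = ["script attached directly"] if name.lower().endswith(SCRIPT_EXTS) else []
        reasons += inspect_zip(part.get_payload(decode=True) or b"")
        if reasons:
            findings[name] = reasons
    return findings

def build_sample():
    """Constructed message: a ZIP holding an inert .js placeholder, plus a plain file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_0001.js", "// inert placeholder")
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"hello", maintype="application", subtype="octet-stream", filename="notes.txt")
    return msg.as_bytes()
```

A check like this looks only at the container format, so it keeps working when the downloaded payload changes between waves.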

Antivirus Hardware and Software Cannot Protect You

Traditional antivirus strategies cannot protect you from these email-based threats. Whether hardware or software-based, they have two inherent weaknesses against these kinds of attacks. For one, traditional antivirus only looks at the payload (e.g., the downloaded file in this case) to determine if it is malicious. It can also only examine email coming into that server, which misses a lot of the information a global service can analyze.

Also, antivirus programs can only recognize new threats after downloading the latest signature information, which can take hours or days. But the payloads change faster than that, so by the time your antivirus software can identify the threat, it is too late.

Traditional Antivirus Does Not Protect Enough Anymore

Premium Hosted Antispam Provides Best Zero-Hour Protection

Hosted (cloud-based) antispam services have a global view and can analyze far more information than traditional antivirus. Also, they can update their virus signatures globally almost instantly, much faster than installed software and almost all appliance-based systems.

SpamStopsHere, a premium hosted service, provides zero-hour email-based threat protection (in addition to 99.5% spam blocking with < 0.001% false positives). Our proprietary signature analysis goes far beyond what typical antivirus systems use. We not only scan email attachments, but we also analyze global email traffic patterns and the entire delivery mechanism, like figuring out how the scammer is trying to infect the user. We also update our global virus signature information instantly for zero-hour protection.

Another advantage is that our global view helps us protect all of our customers, even if they don't all get hit at once. This campaign seems to be targeting only some email domains at a time. If you're relying on installed antivirus or even antispam, you would have no way of knowing about threats affecting other companies until you get hit, or at least until you download the latest updates, which is often far too late. By contrast, once we identify a threat hitting even just one email domain, we can block that same threat and variations on it for all of our global customers instantly.

Train and Re-Train Your Coworkers

We can't emphasize this enough. Even the best antispam / antivirus systems cannot block 100% of threats all the time. You should train your staff to use common sense with email, just as they would with any other business interaction. Don't assume that anything is safe. For example, don't click on links in emails (for example, to "verify" accounts). Don't agree to a wire transfer request in an email just because it looks like it came from your CEO. And NEVER preview or open an attachment in an email.
