Locky shuts down Middle East businesses for ransom money


UAE companies are being paralysed by a Trojan named Locky, which aims to extort ransom money, a leading security service provider warned. Worse, most anti-virus programmes don’t detect it yet.

The new malicious virus is currently affecting Europe and the USA, and the Middle East business sector is a susceptible target, RadarServices said in a statement.

This Windows Trojan is mainly distributed via email attachments and web downloads. The emails are disguised as invoices or messages and contain infected office documents.

When opened, this malware not only encrypts the computer but also infects networks and cloud storage such as Dropbox. In many cases, the Trojan integrates the infected computer into a botnet, thereby gaining remote control and the ability to spread the virus further in the network. As a result, companies are suffering from failures and enormous damages. As soon as the files are encrypted, a blackmail message with a ransom demand appears on the screen.

“Threats especially on businesses are forever evolving and becoming more and more sophisticated,” says Aji Joseph, General Manager of RadarServices Middle East. “This current malware cannot be detected by antivirus programmes, as the infected email attachment is very professionally designed with an aim to extort money. Companies here should adopt a more proactive approach towards security than just implementing antivirus and firewalls to protect their infrastructure,” he advises.

In the case of such attacks, the corporate IT infrastructure is only secure if two IT risk management modules are applied: Advanced Email & Web Threat Detection, the automated analysis of the attachments of all incoming emails in isolated environments or sandboxes, and Network-Based Intrusion Detection (NIDS), the detection of suspicious network activities in case Locky is already active in the company but not yet noticed by the user. In the latter case, NIDS detects the network traffic between the Trojan and its command and control server on the Internet and reports it to the IT security team.