New ransomware uses Excel documents for distribution

Print Friendly, PDF & Email

Securityweek is reporting that a new Locky variant, Osiris, is being distributed through the use of Excel documents.  Specifically, the victim gets an email with the malicious Excel document attached as a .zip file.  When the Excel document is opened, the user is asked to allow macros in order to view the content.  If the user allows the macro to run, it will download a DLL file to the Windows Temp folder and then execute the file using the Windows rundll32.exe program.  The file extension will probably be renamed so that the user cannot see that it is a DLL file, and the file name itself varies between infections.

Once it's loaded using the rundll32.exe process, Osiris will act like other ransomware.  It looks for files on local drives and network shares.  Once it has encrypted a file, the extension will be .osiris.

According to a recent study from the Herjavec Group, ransomware cost victims $24 million in ransom in 2015, and could reach $1 billion in ransomware-related costs this year.  Entire business infrastructures have been created around malware and other malicious activities, and the rise of cryptocurrencies has made it easy to demand ransoms or hire/fund cyber criminals.  The problem is expected to get worse over the next few years.  According to the report, the annual cost of global cybercrime is expected to reach $6 trillion by 2021.

There are a number of ways to protect yourself from ransomware and other threats.  In the case of Osiris and other ransomware that is distributed by malicious attachment, a good email security solution will help. Barracuda Email Security Gateway, Barracuda Essentials for Email Security, and Barracuda Essentials for Office 365 offer several layers of protection, including Advanced Threat Detection and Sandboxing capabilities.   Get more details in this pdf white paper.

The Barracuda Web Security Gateway is also helpful in defending your network from ransomware.  For example, when a reputable website is compromised by an exploit kit, an unsuspecting site visitor could download several pieces of malware without noticing.  Earlier this year, the CryptoWall ransomware was being spread through the Angler exploit kit, which meant that many victims were infected without ever knowing from where the infection came.  In addition to recovering from that attack, the victims also had to spend time and money to secure their systems from an unknown source of attack.  The Barracuda Web Security Gateway detects malicious downloads and prevents them from hitting the endpoint, and provides robust reporting so that customers know about attempted attacks.

Another way to protect yourself from this type of attack is to maintain a comprehensive disaster recovery strategy that includes regular backups.  While many people tend to think of disaster recovery as something that happens when an office is physically destroyed in a fire or storm, the truth is that a ransomware attack can be just as devastating to the organization.  These attacks can end a business, especially one that doesn't have much of a cushion for downtime.  Barracuda offers award-winning disaster recovery solutions in the Barracuda Backup and the Barracuda Message Archiver.  See our corporate site for more information on these solutions. 

Obviously you should incorporate multiple layers of security into your strategy, and Barracuda offers several other solutions like the NextGen Firewall to defend your resources from these attacks.  You can learn more about them and how they work together on our Total Threat Protection site here.

For more on protecting yourself from ransomware, download our pdf checklist – 10 Ways to Stay Safe Against Ransomware and Other Advanced Threats, and visit the NoMoreRansom project here.

 

Scroll to top
Tweet
Share
Share