Researchers at Forcepoint Security Labs are helping businesses fight back against malware authors by reverse engineering the algorithms used by the Locky ransomware.
Ransom demands are now getting into the tens of thousands of dollars, making this a key issue for businesses. But Forcepoint has analysed the Locky ransomware and published one month’s worth of domains generated by this version of the Domain Generation Algorithm, so businesses can check their logs, pre-populate alerts or set up blocking within their existing security solutions.
Carl Leonard, principal security analyst at Forcepoint, said:
“Malware authors regularly change their tactics to try and stay one step ahead of their target victims. But by reverse engineering the Domain Generation Algorithm, we now know which domains Locky will use in the future and have shared this knowledge publicly to help all businesses fight back.
“New strains of encrypting ransomware are now showing up every week, so businesses have to remain vigilant and ensure they supplement strong security defences with security best practices. It is vital to back up and archive critical data, only open email attachments from trusted or verified senders and disable Microsoft Office macros by default, only to be enabled when absolutely necessary.”
Following on from its sharing of the original DGA one week ago, Forcepoint Security Labs has monitored for changes in the algorithm and released the final version. More information and the full list of Locky domains are available on the Forcepoint Security Labs blog.
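One way to put such a published domain list to work against a DNS query log, as an added example that is not Forcepoint's code or tooling: the DGA domains and log lines below are constructed placeholders (the real list is on the Forcepoint Security Labs blog and is not reproduced here), and a BIND-style "client ... query:" log line format is assumed. Matching is done label-wise from the right, so subdomains of a listed domain hit but look-alike substrings do not, and the same set is turned into RPZ records for blocking.

```python
import re

# Constructed placeholder domains standing in for the published Locky DGA list;
# the real list lives on the Forcepoint Security Labs blog and is not reproduced here.
DGA_DOMAINS = {"qwertyuiopa.ru", "zxcvbnmasdf.pw", "lkjhgfdsaqw.in", "mnbvcxzlkjh.de"}

# Constructed sample DNS query log (a BIND-style "client ... query:" line format is assumed).
SAMPLE_LOG = """\
01-Mar-2016 10:15:32.123 client 10.0.0.5#53211: query: www.example.com IN A + (10.0.0.1)
01-Mar-2016 10:15:40.456 client 10.0.0.7#53212: query: qwertyuiopa.ru IN A + (10.0.0.1)
01-Mar-2016 10:16:02.789 client 10.0.0.9#53213: query: Zxcvbnmasdf.PW. IN A + (10.0.0.1)
02-Mar-2016 08:01:10.000 client 10.0.0.7#53214: query: mail.lkjhgfdsaqw.in IN MX + (10.0.0.1)
02-Mar-2016 08:02:00.000 client 10.0.0.5#53215: query: notmnbvcxzlkjh.de IN A + (10.0.0.1)
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<src>[\d.]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)

def normalise(qname):
    """Lower-case and strip the trailing root dot so set lookups are exact."""
    return qname.rstrip(".").lower()

def candidates(qname):
    """Yield the name and each parent domain, so mail.dga.in matches dga.in
    while notmnbvcxzlkjh.de does not match mnbvcxzlkjh.de (label-wise, not substring)."""
    labels = normalise(qname).split(".")
    for i in range(len(labels) - 1):
        yield ".".join(labels[i:])

def find_hits(log_text, domains=DGA_DOMAINS):
    """Return (timestamp, source_ip, matched_domain) for every query of a listed domain."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a query line in the assumed format
        for cand in candidates(m["qname"]):
            if cand in domains:
                hits.append((m["ts"], m["src"], cand))
                break
    return hits

def rpz_records(domains=DGA_DOMAINS):
    """Response Policy Zone records that NXDOMAIN each listed domain and its subdomains."""
    return [rec for d in sorted(domains) for rec in (f"{d} CNAME .", f"*.{d} CNAME .")]
```

Running `find_hits` over a resolver's query log gives the per-client alerts the release describes, and `rpz_records()` produces the zone data for a BIND RPZ to block the same names.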
About Forcepoint™: Forcepoint™ was created to empower organizations to drive their business forward by safely embracing transformative technologies – cloud, mobility, Internet of Things (IoT), and others – through a unified, cloud-centric platform that safeguards users, networks and data while eliminating the inefficiencies involved in managing a collection of point security products.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.