Security researchers have spotted a new variant of the TorrentLocker ransomware that has the ability to spread through shared documents on the infected computer. The variant is currently making its way through Denmark, and according to VirusTotal has been circulating almost undetected, with only 3/55 Anti-Virus software managing to spot the malware. Fraser Kyne, EMEA CTO at Bromium commented below.
Fraser Kyne, EMEA CTO at Bromium:
“This is where there is a fundamental flaw in the current cybersecurity paradigm – attacks have to be detected to be prevented. However, if hackers deploy malware that doesn’t execute immediately, detection software can be easily fooled. In this case it is particularly dangerous, as by the time a threat has been detected on one device, it could have already infected every other computer that it shares documents with. This kind of epidemic is extremely costly as entire IT systems have to be rebuilt, costing the IT Team time, the company money and employees the ability to work productively.
Users can’t be expected to act as the first line of defence, and spot every advanced threat that lands in their inbox. This is why we’re seeing a shift towards segmentation and isolation – the goal of which is to create a safe environment where the malware is contained, unable to escape, and therefore has no impact. Technology like CPU-enforced micro-virtualisation makes this a practical and sustainable way forwards; as you’re getting out of the ‘cat-and-mouse’ detection game. This isolation not only stops the malware from having any impact, but has the added benefit that analysis can be carried out in granular detail, in focused isolation, whilst the malware is running, with the intel gathered shared across the network.”