Following the news that TorrentLocke, a ransomware variant which has been relatively inactive for almost two years, is back, and this time it’s stealing user credentials from victims in addition to demanding a ransom to unencrypt locked files, Alex Mathews, Lead Security Evangelist at Positive Technologies commented below.
Alex Mathews, Lead Security Evangelist at Positive Technologies:
“This new version of Cryptolocker shows the old problem of antivirus products: even a small modification of an old trojan code may lead to an epidemy since many well known antiviruses don’t recogize this new malicious code for many days before their signatures are updated. To protect your business from this kind of “mutating” threats, you’d better use multi-engine antivirus platform which can scan your emails by several different antiviruses (PT Multiscanner, for example). Another good idea is to use security systems with dynamic analysis tools (sandbox) that can execute a suspicious file in a protected environment to detect its malicious behavior: credentials’ retrieval or attempts to encrypt some data would be spotted easily by such a sandbox.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.