Locky Ransomware Is Back, And That's "Unlocky" For Unpatchers

If you thought ransomware wouldn't be in the news again after "WannaCry" came and went last May, think again.  Ransomware continues to be the fastest-growing area of cyber-criminal activity, and threats - both new and old - will be a major problem for administrators for the foreseeable future.  In fact, the one causing some of the most problems at the moment is also downright ancient in computer time - the "Locky" ransomware.

Locky ransomware first appeared 18 months ago in a series of high profile attacks that netted its creators huge amounts.  At least one entity is known to have paid approximately $17,000 to unlock their files - an unusually high amount for a ransomware app, but also an indication of just how desperate some organizations are to regain their data.  What's unusual about Locky is that it actually went dormant for some time, and wasn't much seen in 2017.

Well, it's back, and -according to researchers- it's been retooled to be harder than ever to crack.  Locky ransomware is being spread via email and zombie bot networks estimated to include at least five million infected computers.  And if you get hit, there is currently no third-party remedy.   

All this just speaks to how incredibly important it is for businesses of all sizes to maintain backups and always keep their vulnerabilities patched.

There Is No Excuse Not To Patch

One thing which often puzzles those outside corporate IT is how it is that these crypto-ware attacks can succeed at all.  They rarely, if ever, make use of "zero day" exploits which have not had patches.  In most cases, the vulnerabilities they exploit have been patched for months, or even years.  The security experts at Sophos estimate that at least 90% of all attacks can be prevented with regular patching and updating.

Yet ransomware still successfully attacks businesses every day. 

So why aren't these people patching regularly?

Sure, in some cases - particularly among small businesses without dedicated IT staff - there's a chance that's it's simple ignorance.  If the office secretary is also the one responsible for rebooting the file server when it locks up, they may not be exactly on the ball regarding security.

But that really doesn't cover the wide range of businesses and other organizations getting hit by easily-prevented malware.

One factor is the inconvenience of patching.  On many systems, particularly those which are Windows-based, patching requires downtime. Windows 7 and 8 are downright infamous for how long their updates can render a computer unusable.  And the C-level hates downtime.  We've even heard anecdotal stories about IT departments being denied permission to install updates specifically because the amount of downtime was deemed unacceptable.  

In such cases, we can really just urge IT to get more involved in higher-level decisionmaking, and try to spend more time convincing the C-level to pay attention to the threat of cyberattack.  These days, leaving computers unpatched is as silly as leaving money in an unlocked safe.  And potentially as costly.

There's also the issue of network-level patches sometimes being difficult to locate and install.  Luckily, this is becoming less of an issue.  Networking brands such as ADTRAN and Meraki are making network OS patches simple, easy, and often so seamless they create no downtime at all.  We're now regularly recommending users on older network architectures migrate towards something that simplifies security updates.

Whatever the reason, though, there's just no excuse for running unpatched systems.  It's an absolutely unacceptable risk that is more and more likely to cause very expensive problems.

If you need help maintaining your own system security, Hummingbird can help!  Contact us today for a free consultation.