New ransomware uses Excel documents for distribution

by Steven M Brun (16.06.2022)


SecurityWeek is reporting that a new Locky variant, Osiris, is being distributed through Excel documents. Specifically, when the Excel document is opened, the user is asked to allow macros in order to view the content. If the user allows the macro to run, it will download a DLL file to the Windows Temp folder and then execute the file using rundll32.exe. The file extension will probably be renamed so that the user cannot see that it is a DLL file, and the file name itself varies between infections.

Once it's loaded using the rundll32.exe process, Osiris will act like other ransomware. It looks for files on local drives and network shares. Once it has encrypted a file, the extension will be .osiris.
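The behaviour described above (rundll32.exe loading a module from a Temp folder, often with a non-.dll extension) can be turned into a simple detection rule. The following is an added example, not code from the original post; the event field names (`image`, `cmdline`), the Temp path patterns and the sample events are constructed assumptions.

```python
import ntpath
import re

# Constructed process-creation events for illustration; not real telemetry.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r'rundll32.exe "C:\Users\alice\AppData\Local\Temp\invoice.tdb",Entry'},
    {"image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},
    {"image": r"C:\Windows\SysWOW64\rundll32.exe",
     "cmdline": r"C:\Windows\SysWOW64\rundll32.exe C:\Windows\Temp\a1.spx,Start"},
    {"image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Windows\Temp\notes.txt"},
    {"image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\Temp\helper.dll,Run"},
]

# Per-user and system Temp folders, matched case-insensitively.
TEMP_DIR = re.compile(r"\\(windows\\temp|appdata\\local\\temp)\\", re.IGNORECASE)
# Skip the program token, then capture the quoted or bare module path before ",export".
MODULE_ARG = re.compile(r'\s*(?:"[^"]*"|\S+)\s+(?:"([^"]+)"|([^\s,]+))')


def rundll32_module(cmdline):
    """Return the module path handed to rundll32, or None if it cannot be parsed."""
    m = MODULE_ARG.match(cmdline)
    return (m.group(1) or m.group(2)) if m else None


def classify(event):
    """Return 'temp_renamed', 'temp_dll', or None for one process-creation event."""
    if ntpath.basename(event["image"]).lower() != "rundll32.exe":
        return None
    module = rundll32_module(event["cmdline"])
    if not module or not TEMP_DIR.search(module):
        return None
    # A module in Temp without a .dll extension matches the renamed-file behaviour.
    ext = ntpath.splitext(module)[1].lower()
    return "temp_dll" if ext == ".dll" else "temp_renamed"


if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(classify(ev), "|", ev["cmdline"])
```

The parser assumes the module path is either quoted or free of spaces; an unquoted path containing spaces would need the command line tokenised the way Windows does it.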

According to a recent study from the Herjavec Group, ransomware cost victims $24 million in ransom in 2015, and could reach $1 billion in ransomware-related costs this year. Entire business infrastructures have been created around malware and other malicious activities, and the rise of cryptocurrencies has made it easy to demand ransoms or hire/fund cyber criminals. The problem is expected to get worse over the next few years. According to the report, the annual cost of global cybercrime is expected to reach $6 trillion by 2021.

There are a number of ways to protect yourself from ransomware and other threats. In the case of Osiris and other ransomware that is distributed by malicious attachment, a good email security solution will help. Barracuda Email Security Gateway, Barracuda Essentials for Email Security, and Barracuda Essentials for Office App offer several layers of protection, including Advanced Threat Detection and Sandboxing capabilities. Get more details in this pdf white paper.

The Barracuda Web Security Gateway is also helpful in defending your network from ransomware. For example, when a reputable web app is compromised by an exploit kit, an unsuspecting site visitor could download several pieces of malware without noticing. Earlier this year, the CryptoWall ransomware was being spread through the Angler exploit kit, which meant that many victims were infected without ever knowing from where the infection came. In addition to recovering from that attack, the victims also had to spend time and money to secure their systems from an unknown source of attack. The Barracuda Web Security Gateway detects malicious downloads and prevents them from hitting the endpoint, and provides robust reporting so that customers know about attempted attacks.

Another way to protect yourself from this type of attack is to maintain a comprehensive disaster recovery strategy that includes regular backups. While many people tend to think of disaster recovery as something that happens when an office is physically destroyed in a fire or storm, the truth is that a ransomware attack can be just as devastating to the organization. These attacks can end a business, especially one that doesn't have much of a cushion for downtime. Barracuda offers award-winning disaster recovery solutions in the Barracuda Backup and the Barracuda Message Archiver. See our corporate site for more information on these solutions.

Obviously you should incorporate multiple layers of security into your strategy, and Barracuda offers several other solutions like the NextGen Firewall to defend your resources from these attacks.
