And, I just have been with the latest batch of Locky ransomware emails. Apart from the general rudeness of the message, both the word selection and the technology used to communicate it are point-on references to where Avira is going with our antimalware efforts.
Getting the message with Locky
Social engineering isn’t everything
While Locky is usually activated by a user who has been deceived by some social engineering, it is not OK to blame users as the source of all problems. The cyber-criminals behind Locky are professional, and their technical prowess is just as important as their social engineering. For the infection to work after getting onto a PC, they have to get past the internet security product. It is important to look at Locky as a whole – a huge framework with a command and control server and a random domain algorithm. All of this is designed by professional experts.
Cloud analysis and a well-hidden hand
Most of our detections for Locky are created in the Avira Protection Cloud (APC). The two huge benefits of this technology are that we are able to keep our detections from being reverse engineered by the cyber-criminals and that we are able to analyze their binaries in real time. This lets us know exactly what measures and changes are needed to protect our customers.
- It’s not personal. It’s not really even about me. This is really a huge (albeit indirect) compliment to our analysts in the Avira Virus Lab who work every day to stop the latest tricks from Locky and others on the Dark Side.
- It’s not over. The fight against Locky and other malware is not a one-off battle. It is a continuing war. And we at Avira are continuing to hone our analysis and strengthen our detection to keep these threats out of your devices.