https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2023 MSP 501 Application
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2023 MSP 501 Application
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
    • Channel Leaders Lists
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

Security


Screenshot: IKAR US Dilapidated

Massive New ‘Locky’-Variant Ransomware Attack Now Underway

  • Written by Aldrin Brown
  • September 22, 2017
Many endpoint protection solutions have been updated to detect Locky ransomware but as a new variant, emails containing the IKARUSdilapidated strain can be designated as “unknown file” types and slip through security tools.

A massive, worldwide ransomware attack is currently unfolding, powered from more than 11,625 distinct IP addresses in 133 different countries, experts at cyber security vendor Comodo said today.

The campaign was first detected on Aug. 9, and more than 62,000 phishing emails related to the attack were detected at Comodo-protected endpoints alone, as of Friday.

Emails use social engineering to induce users into opening a docx, pdf, jpg, zip or other file containing the ransomware, dubbed “IKARUSdilapidated,” after a phrase that appears in the code string.

“If the user does as instructed, the macros then save and run a binary file that downloads the actual encryption Trojan, which will encrypt all files that match particular extensions (including the common ones on most machines),” Comodo researchers wrote in a report that was provided to MSPmentor in draft form, because it is still being completed. “Filenames are converted to a unique 16 letter and number combination with the .locky file extension.”

Read the Draft Report: ‘IKARUSdilapidated’ Ransomware Attack

Locky is a very common type of ransomware that emerged in 2016 and has been used in a wide range of cyber attacks since.

“The attachment is an archive file, with the name ‘E 2017-08-09 (580).vbs’ where 580 is a number changing for each email and vbs is an extension which varies as well,” the report says.

Many endpoint protection solutions have been updated to detect Locky ransomware but as a new variant, emails containing IKARUSdilapidated can be designated as “unknown file” types and slip through security tools.

After the files are encrypted, users are given instructions for downloading a Tor browser and directed to a site on the dark web where the cyber criminals demand a ransom payment of one half to 1 bitcoin.

As of today, 1 bitcoin was valued at $4,369.27.

The top five countries of origin for the IP addresses being used by the attackers are Vietnam, India, Mexico, Turkey and Indonesia.

“When the team checked the IP range owners, we see that most of them are telecom companies and ISPs,” the Comodo draft report said.

“This tells us the IP addresses belong to infected, now compromised computers (also called “zombie computers”),” the report continues. “This quantity of servers can only be used for a specific task if they are formed into a large bot network (or botnet), and have a sophisticated command and control server architecture.”  

Comodo experts recommend adopting a “default deny” security posture, which calls for blocking all unknown files from an IT infrastructure until they’re verified as safe.

 

Send tips and news to [email protected].

Tags: Agents Cloud Service Providers MSPs VARs/SIs Security Strategy

Most Recent


  • Making Waves
    8 Channel People Making Waves This Week at Lumen, Accenture, Amazon, Canalys, More
    Cisco led a “crowded” secure access service edge (SASE) market in terms of revenue in 2022, experts said.
  • network in the cloud
    Fortinet, Huawei, Palo Alto, VMware Lauded in Gartner Peer Insights SD-WAN Study
    Thousands of customers have weighed in on how their SD-WAN vendors have performed.
  • Do AWS, Azure, Google, Oracle, Others, Have Too Much Market Power?
    The FTC, concerned about cloud vendors’ sway over customers, is seeking public comment.
  • Unemployed, layoffs
    Veeam Layoffs Impact 200 Workers, Company Remains 'Strong, Profitable'
    Veeam continues to hire for roles in R&D.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Paying ransomware
    Feds Seize Most of Ransom Paid in Colonial Pipeline Ransomware Attack
  • IPO
    6 Things to Know About the Upcoming SentinelOne IPO
  • Acquisition fish eating little fish
    Deloitte Joins Cloud Cybersecurity Craze with CloudQuest Purchase
  • Qualys Philippe Courtot Obit
    Security Industry Mourns Death of 'Pioneer' Philippe Courtot

Upcoming Events

View all

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Galleries

View all

8 Channel People Making Waves This Week at Lumen, Accenture, Amazon, Canalys, More

March 24, 2023

National Women’s History Month: Channel Women Have Stories to Tell

March 24, 2023

VEC Attack Tries to Steal $36 Million, Ferrari, Dole Hit with Ransomware Attacks

March 23, 2023

Industry Perspectives

View all

Selling Your MSP: Strategic vs. Financial Buyers

March 22, 2023

10 Strategic Smart Enterprise Drivers for 2023

March 16, 2023

Does Your Company Have a Virtual Water Cooler?

March 13, 2023

Webinars

View all

Equipping the Hybrid Workforce: What It Takes to Execute

March 28, 2023

Give Customers the Power: How MSPs Can Leverage Cloud Choice

April 4, 2023

DE&I Dialogue: How the Right DE&I Initiatives Can Propel Your Business

April 5, 2023

White Papers

View all

6 UCaaS Reseller Challenges and How Real World Businesses Solved Them

February 1, 2023

Frost Radar: North American UCaaS Market, 2022

February 1, 2023

The Complete Guide to White-Label UCaaS for Reseller Success

February 1, 2023

Channel Futures TV

View all

Coffee with Craig and James Episode 121: Hewlett Packard Enterprise

Aryaka ‘Driving Value to the Channel Community’ with Throttle

March 24, 2023

Real-Life M&A: Advice for a Successful Channel Deal

March 13, 2023

Coffee with Craig and James Episode 120: Ronnell Richards

March 3, 2023

Twitter

ChannelFutures

Channel people making waves include: @jmcbain, @NetworkMoe, @ajassy, @JulieSweet, @Elvia_Valdes_M, @GovITDave… twitter.com/i/web/status/1…

March 24, 2023
ChannelFutures

We delve into AI impacting the channel, this week featuring @nvidia, @GoTo, @twilio and more.… twitter.com/i/web/status/1…

March 24, 2023
ChannelFutures

[email protected]_Inc's Peer Insights are a treasure trove for partners looking to sell #SDWAN. dlvr.it/SlRDmk https://t.co/oElLXzOIbb

March 24, 2023
ChannelFutures

#CPExpo preview: @GlobalIndirect of @AryakaChannel with a preview of the next phase of the company's channel progra… twitter.com/i/web/status/1…

March 24, 2023
ChannelFutures

U.S. competition regulators want to know if @AWSCloud, @Azure, @GoogleCloud, @OracleCloud hold too much market powe… twitter.com/i/web/status/1…

March 24, 2023
ChannelFutures

📣 Join us on April 13th to hear from the 2023 Channel Influencers and get their insights on the state of the channe… twitter.com/i/web/status/1…

March 24, 2023
ChannelFutures

#CPExpo preview: Learn about why @USWired accepted an #acquisition deal and what partners should look for in an M&A… twitter.com/i/web/status/1…

March 24, 2023
ChannelFutures

.@Veeam lays off 200 workers to increase efficiency. #backupandrecovery dlvr.it/SlQWZW https://t.co/QTJx1NX69q

March 24, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X