Phishing Installs Dangerous Ransomware

The Network: A leading advertising agency with several locations in the U.S.

The Expectation: Although legacy prevention defenses like anti-virus are in place, 24/7/365 monitoring by Security Operations Center (SOC) experts provides a layered defense to detect and respond to any threats that bypass the prevention layer.

The Catch: Netsurion’s SOC analyst identified a Locky ransomware infection on a user machine, which could have spread to the file servers and across the network, leading to downtime on business-critical systems and costing the company money.

The Find: The business was targeted with a phishing email carrying an attached document. The document advised the recipient to enable macros; the macro code began running the moment the user enabled it, giving the ransomware a foothold and allowing it to encrypt files (Infection). The anti-virus package did not catch the infection. Netsurion’s SOC analyst proactively checked for ransomware file extensions at regular intervals and found 13 files carrying the extension used by the Locky Osiris variant. The customer had previously been hit by the same ransomware variant, which spread from a user machine and encrypted many files on the file server. This time the customer avoided a similar impact, along with the downtime and wasted IT resources it caused before.
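The periodic extension sweep the analyst used can be scripted. The block below is an added example, not Netsurion's tooling; it assumes the Locky Osiris variant writes encrypted files with a ".osiris" suffix (the extension named above), and the sample share, file names and alert threshold are constructed for the demonstration.

```python
"""Periodic sweep of a file share for known ransomware extensions.

Added example, not Netsurion's code. Assumption: Locky's Osiris variant
leaves encrypted files with a ".osiris" suffix; the sample tree built
below is constructed so the script runs offline.
"""
import os
import tempfile
from collections import Counter
from pathlib import Path

# Suffixes to watch for; ".osiris" is the Locky variant named in the case study.
RANSOMWARE_EXTENSIONS = {".osiris", ".locky"}


def scan_tree(root, extensions=RANSOMWARE_EXTENSIONS):
    """Walk `root` and return every file path whose suffix is a watched extension."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if Path(name).suffix.lower() in extensions:
                hits.append(os.path.join(dirpath, name))
    return hits


def summarize(hits, alert_threshold=1):
    """Count hits per directory and raise an alert flag once the total reaches the threshold.

    Grouping by directory shows which shares are being touched, which is what a
    SOC analyst needs to decide where to isolate first."""
    per_dir = Counter(os.path.dirname(h) for h in hits)
    return {"total": len(hits), "per_dir": dict(per_dir),
            "alert": len(hits) >= alert_threshold}


def build_sample_tree():
    """Constructed sample share: 13 encrypted files across two folders plus clean files."""
    root = tempfile.mkdtemp(prefix="share_")
    for sub, count in (("finance", 9), ("hr", 4)):
        folder = Path(root, sub)
        folder.mkdir()
        for i in range(count):
            (folder / f"report{i}.docx.osiris").write_text("ciphertext")
        (folder / "readme.txt").write_text("clean file")
    return root


if __name__ == "__main__":
    share = build_sample_tree()
    print(summarize(scan_tree(share), alert_threshold=5))
```

Run it on a schedule against the real share root instead of the constructed tree; a non-zero total is the signal to quarantine the originating host.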

The Fix: Quarantine the infected laptop with an anti-malware tool, and re-image it before returning the device to service. Continue to invest in continuous monitoring and advanced threat protection that provides guided remediation and proactive termination of unknown or unsafe processes.

The Lesson: Phishing attacks as a means of installing dynamic ransomware variants remain extremely popular. Make sure employees are aware of, and continuously trained on, social engineering techniques. Netsurion’s Managed Open XDR platform provides comprehensive 24/7 monitoring by cybersecurity experts that adds defense-in-depth protection.