Security News & Best Practices

Get the scoop on the latest security threats and how to protect yourself

What does the modern malware landscape look like?

Hackers are constantly updating their tools and techniques in order to get the most reward for their efforts. However, this doesn't mean that you're completely helpless. Arming yourself with knowledge about what malware these criminals use can help you improve your personal cyber security. To that end, what kind of malware are hackers currently relying on?

Dridex

Although hackers very often work to steal personally identifiable information, at the end of the day all they really want is money. Many cyber criminals accomplish this by simply selling the data they discover, but the creators of Dridex had something more sinister in mind. This particular piece of malware is sent via email as a Microsoft Word document. 

When someone opens the attachment in this email, a macro is activated that automatically downloads Dridex onto the victim's computer. Once it's there, this malware can do everything from uploading and downloading files to taking screenshots of the victim's browser activity. What's more, Dridex is extremely active. Spanish security firm buguroo has found the malware in more than 100 countries, according to Dark Reading's Jai Vijayan.

The end goal here is to gather enough information to allow the hacker to steal your money. That said, the average consumer generally isn't the target. Hackers usually go after big organizations, like the Moldovan cyber criminal who was prosecuted for stealing close to $10 million from U.S. businesses. Regardless, it's important to know about this malware and to always avoid clicking any link from an email address you don't recognize.


Locky

Much like Dridex, Locky starts out with an innocent-looking email. According to Bleeping Computer's Lawrence Abrams, this often looks like an invoice with a Microsoft Word attachment. However, hackers know people are starting to recognize this pattern and have begun to change their tactics. What's interesting here is that when someone opens the attachment, the malware will prompt them to enable macros if they haven't already.


Once this is done, Locky is downloaded and encrypts all the files on a particular computer. Abrams even stated that this malware can do this on network shares, meaning multiple machines can be affected. What's more, Locky can even change the names of your files, making it extremely hard to decrypt the data yourself. 

Like all other ransomware, Locky demands payment in bitcoin, as it's an untraceable form of currency. Abrams reported hackers generally ask for 0.5 bitcoin, which is currently worth around $332. This number is meant to be high enough to make a profit, but low enough to encourage payment. 

If you've already been hit by Locky, there isn't much you can do aside from wiping your computer and starting over. Paying the hacker is never a good idea, as there's no guarantee that they'll even decrypt your files. Those wishing to avoid this problem altogether should invest in backup software so they can have access to their most important files in the event of an infection.