Hillstone Networks Intelligent Next Generation Firewall provide an effective way to detect Locky ransomware which has been quickly spreading worldwide
Hillstone Networks iNGFW has effectively detected the Locky ransomware and its variants, ensuring businesses do not fall victim to Locky’s malicious intent.
The Characteristics of Locky Ransomware
Locky is a ransomware that is usually contained within a Microsoft Word document sent by email as an attachment – often as an invoice – to large numbers of recipients using a massive spam campaign. Since its first appearance, Locky has spread rapidly and infected thousands of computers hourly, according to research.
Once the attachment is opened, the ransomware is installed and enabled on the victim’s computer. It tries to download Portable Executable (PE) files from a remote control server and executes it from there. It then encrypts every file in the local drive, as well as the network, using RSA-2048 and AES-1024 algorithms.
It subsequently displays messages on the victim’s machine and tells the victim to visit an attacker’s website for further instructions and ransom payment in order to decrypt the previously encrypted files. The ransom demand varies and can be paid using bitcoin.
Detecting Locky Ransomware with Hillstone iNGFW
The detection and protection mechanisms on Hillstone Networks iNGFW include the following:
- Anti-Virus engines include latest signatures that can be used to pattern-match the Locky email spams, which contain malicious attachments or download files.
- Reputation engine consists of an IP and domain name reputation database that includes the list of known, relevant malicious IP and domain names.
- Domain Generation Algorithms (DGA) detection engine can be used to detect DGA domain names that are used as the C&C server
- Threat intelligence correlation module can correlate different threat events and alerts, as well as draw more accurate conclusions out of individual threat alerts.
- Cloud intelligent system can perform further threat analysis on suspicious threat events or objects.
About Hillstone Networks
Hillstone Networks offers a broad range of security solutions for enterprises and data center networks – whether physical, virtual, or in the cloud. Hillstone solutions provide continuous threat defense not only at traditional perimeters, but also to internal networks, down to each virtual machine. For physical environments, Hillstone’s innovative security platform combines Behavioral Intelligence with high-performance networking, enabling organizations to find and stop threats in minutes, not months. Hillstone offers a complete virtual firewall solution for perimeter protection in virtual environments; Hillstone uses micro-segmentation technology to protect East-West traffic in the cloud.
Established in 2006 by NetScreen, Cisco and Juniper executives, Hillstone Networks is relied on by more than 10,000 customers around the world, including Fortune 500 companies, higher education, financial institutions and service providers. Hillstone Networks’ US headquarters are located in Sunnyvale, California. For more information, visit www.hillstonenet.com.