Watch our video to see how quickly this ransomware infects a machine, and how Cylance stops it cold:
VIDEO: CylancePROTECT vs. LovxCrypt Ransomware
Background and Timeline
The ransomware was first seen in April 2015, when it used the open-source GnuPG tool to encrypt files; the new variant is known by the extension it appends to encrypted files, ‘.lovx’. It arrives as a fake resume, the same lure used by GoldenEye and other ransomware seen over the past year. Once the attachment is double-clicked, the malware contacts its command and control (C2) server to fetch the payload and infects the endpoint, even one with antivirus (AV) protection in place.
How is it Delivered? What Does it Do?
LovxCrypt is delivered by phishing email and typically slips past security controls because the attachment is a Microsoft Compiled HTML Help (CHM) file rather than an obvious executable. A CHM bundles one or more HTML pages, and any scripts they contain, into a single compiled binary archive.
Because the CHM is opened by the Windows help viewer rather than the browser, the security settings and restrictions a browser would normally apply to those scripts are absent, and so is the browser protection touted by many security vendors.
LovxCrypt Variant in Action
This is a net-new iteration, so it cannot be found by the MD5 hash of the CHM file. The user won’t see the payload downloaded – in this
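The two points above (a CHM attachment dressed up as a resume, and a fresh build that no MD5 blocklist knows) both come down to the same triage decision at the mail gateway. The following added example is not Cylance's code or part of the original post; it identifies a CHM attachment by its ITSF container signature rather than its file name, and shows why a hash blocklist fails against a new build while the structural check still fires. The header layout and sizes follow the ITSS container format as documented by chmlib (magic `ITSF`, version and header length at offsets 4 and 8, timestamp at 0x10, language ID at 0x14); the sample bytes are constructed here, not taken from a real LovxCrypt file, and the function and policy names are this example's own.

```python
"""Attachment triage for CHM (Compiled HTML Help) lures.

Added example, not Cylance's code. Demonstrates:
1. Recognising a CHM by its ITSF container header regardless of file name.
2. Why an MD5 blocklist misses a "net-new" build: one changed header byte
   gives a new hash while the structural classification is unchanged.
"""
import hashlib
import struct

ITSF_MAGIC = b"ITSF"
ITSF_V2_HEADER_LEN = 0x58   # chmlib: _CHM_ITSF_V2_LEN
ITSF_V3_HEADER_LEN = 0x60   # chmlib: _CHM_ITSF_V3_LEN
CHM_EXTENSIONS = {".chm"}


def build_sample_chm_header(timestamp: int = 0x5A000000, lang_id: int = 0x0409) -> bytes:
    """Constructed 0x60-byte ITSF v3 header used as sample input (not a real
    sample). Layout: magic, version (3), header length, unknown (1), build
    timestamp, Windows language ID, two 16-byte GUIDs, then padding where the
    section table would sit."""
    head = ITSF_MAGIC + struct.pack("<IIIII", 3, ITSF_V3_HEADER_LEN, 1, timestamp, lang_id)
    head += bytes(32)  # the two GUIDs, zeroed in this constructed sample
    return head.ljust(ITSF_V3_HEADER_LEN, b"\0")


def is_chm(data: bytes) -> bool:
    """True if the bytes form an ITSS container (a CHM), based on the header
    alone so the verdict does not depend on the attachment's extension."""
    if len(data) < 0x18 or data[:4] != ITSF_MAGIC:
        return False
    version, header_len = struct.unpack_from("<II", data, 4)
    if version == 2:
        return header_len == ITSF_V2_HEADER_LEN and len(data) >= header_len
    if version == 3:
        return header_len == ITSF_V3_HEADER_LEN and len(data) >= header_len
    return False


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def mutate_timestamp(data: bytes) -> bytes:
    """Bump the build timestamp at offset 0x10: the kind of trivial difference
    between two builds of the same lure, enough to defeat an exact-hash match."""
    ts = struct.unpack_from("<I", data, 0x10)[0]
    return data[:0x10] + struct.pack("<I", (ts + 1) & 0xFFFFFFFF) + data[0x14:]


def triage_attachment(filename: str, data: bytes, known_bad_md5=frozenset()) -> dict:
    """Gateway policy (this example's own): quarantine on a known hash OR on
    CHM content, and note when the extension does not match the content."""
    ext = "." + filename.rsplit(".", 1)[1].lower() if "." in filename else ""
    digest = md5_hex(data)
    chm = is_chm(data)
    reasons = []
    if digest in known_bad_md5:
        reasons.append("md5 matches a known sample")
    if chm:
        reasons.append("ITSF container: Compiled HTML Help attachment")
        if ext not in CHM_EXTENSIONS:
            reasons.append(f"extension {ext or '(none)'} does not match CHM content")
    return {"is_chm": chm, "md5": digest, "quarantine": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    known = build_sample_chm_header()          # the "old" build an AV vendor has hashed
    blocklist = frozenset({md5_hex(known)})
    new_build = mutate_timestamp(known)        # the "net-new" iteration
    print("hash-only verdict on new build:", md5_hex(new_build) in blocklist)
    for name in ("Resume.chm", "Resume.pdf"):
        print(name, triage_attachment(name, new_build, blocklist))
```

The hash-only check is what the post says fails: the mutated build is not in the blocklist. The structural check still quarantines it because the container type, not the digest, is what makes the attachment dangerous; the extension-mismatch reason is a bonus signal for lures that rename the file.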
This is a Security Bloggers Network syndicated blog post authored by The Cylance Team. Read the original post at: Cylance Blog