A significant email-spam campaign has been observed over the past two days, distributing two new variants of the ‘Locky’ ransomware.

At this stage the 2-sec team believes the ransomware to be similar to most other ransomware programs, in that it will encrypt files after a machine has been infected. This alert has been issued by 2-sec as the distribution pattern is thought to be extremely wide.

Alexander Drabek, senior penetration tester and researcher for 2-sec, commented: “Either of the Diablo6 and Mamba strains could be a serious problem for companies that haven’t installed email or SPAM filtering systems, or for organisations where user-awareness hasn’t been developed over the last year, as ransomware has risen”.

For anyone who hasn’t seen ransomware before, it’s possible to view the Diablo6 strain being run on a test machine below:

How can you protect your business against Diablo6 and Mamba?

Protecting your organisation against the threats posed by any ransomware can be challenging. All organisations need to take active steps to minimise the chances of ransomware arriving in the first place by undergoing a cyber strategic review, which is excellent for uncovering internal vulnerabilities. Another option is to undergo a phishing simulation, which tests how users behave and can help prevent them from clicking on attachments or links.

2-sec will continue to monitor the Diablo6 and Mamba strains. For more information, please contact a member of the team on 020 7877 0060.