NEW YORK — Locky was stopped in its tracks by IRONSCALES, creator of the patent-pending automated Phishing mitigation response system, and ReSec Technologies, developer of the patented Content Disarm & Reconstruction (CDR) cyber protection technology. The companies’ joint offering successfully blocked an attack on one of Israel’s largest defense companies before an infection could take place.

“This attack was meticulously planned by professionals for some time now. However, once it was flagged by an IRONSCALES user, we disarmed it,” said Dotan Bar Noy, CEO and Co-founder of ReSec. “Our client’s preparation and internal security policies, as well as integration between ReSec and IRONSCALES, kept the organization secure and prevented the potential encryption of extremely sensitive information.”

This particular spear Phishing attack targeted one of the company’s domain administrators. Such an attack, if successful, would have had the potential to cause widespread damage across the company. It was intended to start by encrypting files of a specific individual and go from there.

“The combination of ReSec’s malware detection and disarming capabilities and IRONSCALES’ real-time detection and mitigation of ongoing phishing attacks reported both internally and across organizations, results in the best-of-breed, actionable intelligence currently available out there,” said Eyal Benishti, CEO and founder of IRONSCALES. “We are thrilled to combine forces with ReSec in this fight against cyber-criminals.”

A Locky attack is usually delivered via an email-attached document requesting the user enable macros. Once the macros are enabled, a code saves the file to the disk and runs it without their knowledge, delivering the payload, the Locky ransomware. Locky immediately starts to encrypt all files with specific extensions such as videos, Microsoft Office documents, source code, and/or images. Locky also removes snapshot service files, destroying Windows live backup. Locky is able to encrypt files, regardless of operating system – Windows, OS X or Linux. Locky is not limited to a single end-user station. It will encrypt any removable drive or network shares it can access such as servers and other computers.

Had Locky succeeded, it would have asked for a ransom to unlock the files, placing the organization in a very delicate situation – pay, lose access to extremely sensitive information, and/or have the Locky perpetrator decrypt the information for later sale.

“As one of Israeli’s largest defense system manufacturers and developers, employee awareness training is a routine part of our cyber security procedures,” said Rami W., the organization’s CISO. “The employee had a minor suspicion that caused him to act as required, activating the IRONSCALES solution by using the built-in Phishing report button. That action snatched the email and sent it to the ReSec platform that was able to send back a clean version of the file without the risk and identify the threat. The IRONSCALES solution, in turn, initiated an immediate mitigation process to make sure the malicious attachment no longer resided in other employees’ mailboxes. This is a perfect example when a complete circle of protection worked.”

Using IRONSCALES and ReSec’s combined offering allows organizations to fight known and unknown threats. The ReSec platform’s disarming and detection capabilities are now complemented by IRONSCALES’ human-based intrusion prevention system. The IRONSCALES solution enhances detection and prevention of zero day threats from Phishing attacks by leveraging crowd wisdom as live sensors for detecting unknown malware carried by malicious emails by using context.

Published on Bloomberg

April 6, 2016