Ransomware is quickly becoming a mainstream form of malware, according to the Clearwater, Fla.-based cybersecurity firm KnowBe4, and one driving factor is the significant amount of cash being racked up by the notorious Dridex banking Trojan gang with its new Locky strain.

Locky was linked to the Russian Dridex gang by IT security companies Proofpoint and Palo Alto Networks as the most prominent form of operating banking malware, replacing former frontrunner CryptoWall.

While no more sophisticated than other forms of crypto-ransom malware, the Dridex Locky ransomware strain is spreading to victims' systems rapidly. Forbes claimed Locky infects approximately 90,000 systems per day (more than one per second) and typically asks users for 0.5-1 Bitcoin (or $420) to unlock their systems.

Over the past few days, the Dridex botnet sent at least four million phishing emails with a zip file as the attachment, which contains a JavaScript file that downloads and installs Locky, according to KnowBe4.

“Ransomware is seeing unprecedented growth with cyber-gangs competing for criminal market share,” KnowBe4 CEO Stu Sjouwerman said. “This competition spurred furious innovation in strategy and tactics, and we see ransomware taking the lead in criminal business models. It is not going to get easier. The only way around these tactics is to recognize the red flags and inoculate employees with effective security awareness training and simulated phishing tests.”

Locky, which reportedly uniquely hashes each binary, disseminates through phishing emails containing Microsoft Word attachments. Consequently, signature-based detection by a traditional antivirus product is nearly impossible, according to KnowBe4.

The firm offered the following tips to fight Locky:

  • Block all emails with .zip extensions and/or macros at the email gateway level.
  • If possible, disable vehicles used as attack vectors such as Adobe Flash Player, Java and Silverlight.
  • Give all employees effective security awareness training so they can recognize the red flags related to ransomware attacks.
  • Conduct a phishing security test on users to find out if they will click on something they should not.
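
As an illustration of the first tip (an added example, not code from KnowBe4 or this article), the Python sketch below shows the kind of attachment check an email gateway could run: it flags zip attachments, script files and macro-bearing Office files, and reports any script found inside a zip. The extension lists, function names and sample message are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension lists are assumptions for this sketch; tune them per environment.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")
MACRO_EXTS = (".docm", ".dotm", ".xlsm", ".pptm")


def zip_members(data):
    """Lower-cased member names if data is a zip container, else None."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n.lower() for n in zf.namelist()]
    except zipfile.BadZipFile:
        return None


def blocked_attachments(raw_message):
    """Return [(filename, reason)] for attachments the gateway should block."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        lower = name.lower()
        members = zip_members(part.get_payload(decode=True) or b"") or []
        scripts = [m for m in members if m.endswith(SCRIPT_EXTS)]
        if lower.endswith(SCRIPT_EXTS):
            findings.append((name, "script attachment"))
        elif lower.endswith(MACRO_EXTS) or any(m.endswith("vbaproject.bin") for m in members):
            # OOXML files are zips; vbaProject.bin marks macros even under a .docx name.
            findings.append((name, "Office file with macros"))
        elif lower.endswith(".zip") or scripts:
            detail = f" containing script {scripts[0]}" if scripts else ""
            findings.append((name, "zip archive" + detail))
    return findings


def build_sample():
    """Constructed test message: one zip holding a .js file, one plain PDF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_0001.js", "// constructed placeholder, not real code")
    msg = EmailMessage()
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    msg.add_attachment(b"%PDF-1.4", maintype="application", subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()
```

Legacy binary .doc files are not inspected by this sketch; finding macros in them requires an OLE parser.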

Breaches linked to third-party vendors are also continuing to threaten businesses.

For example, American Express wrote to some card members warning of a data compromise by a third-party provider. In a letter published on the California attorney general's site on March 10, the card firm said it became aware that a third-party service provider engaged by numerous merchants experienced unauthorized access to its system. The breach, which happened in December 2013, saw account numbers, names and other information, such as expiration dates, breached.

“It is important to note that American Express owned or controlled systems were not compromised by this incident, and we are providing this notice to you as a precautionary measure,” the letter read.

Kurt Stammberger, chief marketing officer for the San Mateo, Calif.-based cybersecurity firm Fortscale, said, “Partner failures, like the one American Express just experienced, are one of the fastest-growing types of cybersecurity breaches, and it's a primary focus of our research. Look, the truth is, companies like Amex are really, really good at security, they are basically security Jedi. But when you're operating a modern multinational corporation like American Express, it's almost impossible to make sure that all your thousands of partner organizations and service providers are taking security as seriously as you do. It's a huge problem.”
