High levels of Locky Ransomware in .7z archives during Q4 2017
January 12, 2018
By Jack Walsh

It was once only a pipe dream that a security product would be able to detect unknown, new malware. But as highlighted by ICSA Labs' quarterly-recurring advanced threat defense (ATD) security certification testing, there is in fact a short list of security vendors that not only detect new threats, but do it well. As a result, the days of trying to unravel every malicious threat in order to develop a signature may finally begin to fade into information security history.

Every quarter ICSA Labs tests the security efficacy of products and solutions against new and little-known malware in its advanced threat defense (ATD) testing program. ICSA Labs recently completed its 9th consecutive quarterly ATD test cycle following Q4 2017 security testing. Results and reports for those security solutions that passed are posted on the ICSA Labs website.

ICSA Labs collects some of the malware samples it uses in testing from its spam honeypot. After the Q3 2017 test cycle, ICSA Labs showed that archive-based ransomware was up significantly compared to the first half of 2017. This trend of high levels of archive-based spam continued in Q4 2017.

One interesting data point is that 7-Zip archives began showing up in large numbers beginning in August (see the figure below). Since then, 7-Zip archives have become the dominant archive container for the ransomware received by ICSA Labs' spam honeypots.

Why have 7-Zip files become a popular vehicle to deliver ransomware? One reason that could explain their ascent is that while some enterprises may be blocking regular .zip archives, they may not be similarly blocking 7-Zip archives.
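One defensive check for the gap just described, added here as an example and not ICSA Labs' own code: classify an inbound attachment by its leading bytes so that the block decision does not depend on the filename extension. The signature table, the block policy and the sample attachments are assumptions constructed for this example.

```python
# Added example (not ICSA Labs' code): identify archive containers by their
# leading magic bytes instead of trusting the filename extension, so that a
# mail-gateway rule written only for .zip does not silently let .7z through.

# Leading bytes of common archive formats (publicly documented signatures).
ARCHIVE_MAGIC = {
    b"7z\xbc\xaf\x27\x1c": "7z",
    b"PK\x03\x04": "zip",
    b"Rar!\x1a\x07\x00": "rar",
    b"Rar!\x1a\x07\x01\x00": "rar",
    b"\x1f\x8b": "gzip",
}

# Hypothetical policy for this example: containers a gateway quarantines when
# they arrive as inbound mail attachments, whatever the filename claims.
BLOCKED_CONTAINERS = {"7z", "zip", "rar"}


def identify_container(data: bytes) -> str:
    """Return the container type implied by the file's leading bytes, or 'unknown'."""
    for magic, name in ARCHIVE_MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def attachment_verdict(filename: str, data: bytes) -> dict:
    """Compare the extension-based guess with the content-based type and decide."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    actual = identify_container(data)
    return {
        "filename": filename,
        "claimed": ext,
        "actual": actual,
        # Block on content, not on the extension; also flag mismatches.
        "block": actual in BLOCKED_CONTAINERS,
        "extension_mismatch": actual != "unknown" and ext != actual,
    }


# Constructed sample attachments: a 7z header, a zip header, a 7z archive
# renamed to look like a zip (missed by a rule keyed on the .7z extension),
# and a plain text file.
SAMPLES = [
    ("invoice.7z", b"7z\xbc\xaf\x27\x1c\x00\x04" + b"\x00" * 8),
    ("scan.zip", b"PK\x03\x04\x14\x00" + b"\x00" * 8),
    ("report.zip", b"7z\xbc\xaf\x27\x1c\x00\x04" + b"\x00" * 8),
    ("notes.txt", b"just text"),
]

if __name__ == "__main__":
    for name, blob in SAMPLES:
        print(attachment_verdict(name, blob))
```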

New Ransomware is just one of the kinds of malicious threats tested by ICSA Labs in its quarterly advanced threat defense (ATD) security certification testing.

Given that ICSA Labs tests security products with new and little-known malicious threats, enterprises and government organizations around the world are encouraged to consider ICSA Labs' quarterly ATD security certification testing results. We at the labs think you will agree how important it is to defend your enterprise or organization with an ICSA Labs certified ATD solution.
