A version of AstraLocker, AstraLocker 2.0 ransomware, has just been released. This updated version is what some threat analysts call a rapid attack, or smash-and-grab style of ransomware. The AstraLocker 2.0 developers use Microsoft Word attachments in emails to distribute their malicious payload using VBA macros. The user needs to click on the attachment and then click on an icon in the document for the OLE object in the payload to be activated. Double-clicking the icon causes a security warning to appear, and the user is then asked to run a file, WordDocumentDOC.exe.
The payload that is delivered directly via the email attachment is different, in that it cuts out traditional threat actor processes that are designed to evade detection by modern email security scanning tools and other triggers that alert the security operation center. Hence, AstraLocker 2.0 just wants to make a hard and immediate hit on anything they can immediately access, versus the studied and patient methodologies used by most ransomware attackers.
AstraLocker 2.0 attempts to disable anti-malware protections and EDR software. It will also kill any other processes running that can impact the successful encryption of data. Like all modern ransomware attacks, AstraLocker 2.0 deletes shadow copies and thereby jeopardizes your ability to recover.
To avoid becoming hostage to AstraLocker or other types of ransomware and malware, it is crucial to maintain recent offline backups of your most important files and data. Adopt a ‘defense-in-depth’ approach where you use layers of defense with several mitigations at each layer; this means you will have more opportunities to detect malware, and then stop it before it causes detrimental harm to your business.
If you want to learn more about how to best prepare and protect your business from ransomware and other threats, check out our blog, Reduce the Risk of Ransomware & Other Cyber Attacks.
Latest Ransomware Related Blogs
Smoke testing is a term used to describe the testing process for servers after patches are applied. 
Estimating an average time for patching servers and PCs can be a bit tricky. It can vary from one month to the next, depending upon the number and complexity of the patches released by your software vendors. You must consider all versions of operating systems and have a complete inventory of all your application software to do this job correctly. Our experience has shown that manual patching of systems takes on average of about 1.5 hours each.
This is a basic cost calculator for you to compute your typical monthly cost for patching your servers, PCs, laptops, tablets and associated application software. It also forms the basis for you to begin calculating your Return on Investment for software patching, or for comparison with alternatives to the manual process of patching operating systems and application software—such as Patch Management as a Service, also known as Vulnerability Management as a Service.