Sep 21, 2017

Hacker’s Playbook Updated with Lukitus Methods

SafeBreach Labs has updated the Hacker’s Playbook™ with simulations for a new variant of Locky ransomware, called “Lukitus.” Customers can use this new simulation, as well as previously released Locky simulations, to validate security controls that should have inspected and alerted on this ransomware — for example: secure web gateway, malware sandbox, IPS/IDS, next-generation firewalls, endpoint security. As always, SafeBreach Labs will continue to monitor the situation, and develop new simulations as necessary.

This variant of Locky is a simple iteration, consisting of a malicious ZIP file distributed via email. When opened, this file encrypts the contents of the user's hard drive and presents a message relaying the ransom demand.

To assess security control effectiveness against techniques involved in the Lukitus attack, the SafeBreach Breach and Attack Simulation Platform specifically tests the following network security controls:

Playbook #1372 – Malware transfer via HTTP and HTTPS

  • Network and endpoint controls – Are controls in place that prevent the download of the Lukitus ransomware?

This new simulation, specific to Lukitus, comes in addition to 10 existing network and endpoint simulations related to Locky that were released previously.

The SafeBreach Hacker’s Playbook™ of breach methods simulates these breach scenarios, and thousands more, without impacting users or infrastructure. Breach methods are constantly updated by SafeBreach Labs, our team of offensive security researchers, to help keep customers ahead of attacks.
