Everyone knows that anti-malware software is required, but it can present certain challenges. It gets in the way of installing other software, and it is always asking you to make sure that it is up to date. But what does it really do for your company? After all, you have it on every device, from your firewall and mail server to the endpoints. Do you really know what it catches, or whether it catches anything at all?

According to Cisco's Talos Group (2015), there is a new threat on the market that you don't want any of your devices to come across. Rombertik is the latest buzz in the malware world. In simple terms, Rombertik is spyware built to harvest a user's credentials, from email to banking logins. Attackers email targeted organizations and get users to download and unzip an attachment, then open what appears to be a PDF but is anything but. What makes this malware unique is that, before it runs, it checks whether it is being analysed or tampered with, so that it can execute without being observed. If it detects tampering after it has started, it tries to overwrite the disk's boot record and encrypt the user's files, leaving the machine unbootable.

So now you're asking, how do I protect my organization against it? The first option is a malware threat protection service that uses sandboxing. The problem is that Rombertik deliberately delays execution without calling sleep: sandboxes often fast-forward through sleep calls, so it stalls with busy work instead, and the analysis window can expire before the tool sees anything malicious. IPS appliances can be another barrier at the network edge, and users should never open attachments from someone they don't know. The simplest measure, though, is to keep your anti-virus and anti-malware software up to date at both the perimeter and the endpoints. Ask your reseller or AV vendor to confirm that they have protection against this one today.
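One concrete check a mail gateway or perimeter filter can apply to the delivery vector described above (a zip attachment whose payload is dressed up as a PDF) is to judge each archive member by its magic bytes rather than its file name. The following is an added example, not code from the original post or from Cisco Talos; it assumes the lure is a zip containing a Windows executable with a document-style name (the sample uses a .scr screensaver binary, which is an ordinary PE file) and all sample archives are constructed inline:

```python
"""
Added example (not from the original post or from Cisco Talos): a small
attachment screener for a zip archive carrying an executable dressed up
as a PDF. It unpacks the zip in memory and flags any member whose real
content (magic bytes) does not match its claimed extension, plus
double-extension tricks such as "statement.pdf.scr".
Sample archives are constructed inline.
"""
import io
import zipfile

# Extensions Windows will execute on double-click (a .scr is an ordinary PE).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Extensions users are conditioned to trust.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}


def sniff(data: bytes) -> str:
    """Classify content by magic bytes, not by file name."""
    if data.startswith(b"MZ"):
        return "pe"            # Windows executable (exe/scr/dll share this header)
    if data.startswith(b"%PDF"):
        return "pdf"
    if data.startswith(b"PK\x03\x04"):
        return "zip"           # also docx/xlsx and nested archives
    return "unknown"


def inspect_member(name: str, data: bytes) -> list:
    """Return the reasons this zip member looks suspicious (empty list = clean)."""
    reasons = []
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    inner = set(parts[1:-1])          # extensions hidden in the middle of the name
    kind = sniff(data)

    if ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{ext} inside a mail attachment")
    if inner & DOCUMENT_EXTS and ext in EXECUTABLE_EXTS:
        reasons.append("double extension: document name ending in an executable extension")
    if kind == "pe" and ext not in EXECUTABLE_EXTS:
        reasons.append(f"PE header but extension .{ext or '(none)'}")
    if ext == "pdf" and kind != "pdf":
        reasons.append("claims to be a PDF but has no %PDF header")
    return reasons


def screen_attachment(zip_bytes: bytes) -> dict:
    """Map each member name to its findings; a non-empty list means block/quarantine."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Only the first few KB are needed for magic bytes; this also keeps
            # a zip bomb from exhausting memory.
            data = zf.open(info).read(4096)
            findings[info.filename] = inspect_member(info.filename, data)
    return findings


def build_zip(members: dict) -> bytes:
    """Constructed test data: build a zip from {name: bytes} in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: a benign PDF, and a PE stub with a PDF-looking name.
BENIGN = build_zip({"statement.pdf": b"%PDF-1.4\n%constructed sample\n"})
LURE = build_zip({"statement.pdf.scr": b"MZ\x90\x00" + b"\x00" * 60})

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("lure", LURE)):
        for name, reasons in screen_attachment(blob).items():
            verdict = "BLOCK" if reasons else "allow"
            print(f"{label}: {name}: {verdict} {reasons}")
```

The point of the check is that the file name is attacker-controlled and the icon is whatever the executable's resources say it is, while the first bytes of the content are not negotiable: a PE file always starts with "MZ" and a real PDF with "%PDF". A gateway that blocks on either mismatch, or on any executable extension at all, stops this lure before the user ever sees it.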
