06 Apr BlackBerry intercepts ransomware family LokiLocker smoothly
LokiLocker is a relatively new ransomware family that targets English-speaking victims and Windows® PCs; the threat was first seen in the wild in mid-August 2021. It should not be confused with an older ransomware family called Locky, which was infamous in 2016, or LokiBot, which is an infostealer. However, there are some similarities with the LockBit ransomware but it does not seem to be its direct descendant.
Like the god it is named after, LokiLocker enters the victim’s life uninvited and looks for property to steal. The threat then encrypts their files and demands that they pay a monetary ransom to restore access.
LokiLocker also has an optional wipe feature – if the victim does not pay within the timeframe specified by the attacker, all non-system files are deleted and the MBR is overwritten, erasing all of the victim’s files and rendering the system unusable.
How does BlackBerry prevent LokiLocker Ransomware?
The BlackBerry Threat Research team has tested all known variants and confirmed that they have been successfully prevented by the current version of BlackBerry® Protect. They have prevented the execution of the files without any problems using their Protect AI engine without updates or internet connectivity. Several known variants can be prevented with a 2015 version of BlackBerry Protect.
BlackBerry’s philosophy is quite different from much of the competition. BlackBerry does not believe that customers should have to suffer the consequences of cyber attacks and become victims of stolen data and paying sky-high penalties. Current solutions focused on endpoint detection and response (EDR) often act too late and do not prevent breaches. Prevention with BlackBerry Protect is their strategy.
So prevention is possible!
Interested in more? Read the full article and find out how BlackBerry is responding to this ransomware.