New Extortion Ransomware “Delilah”

  • A newly-detected piece of ransomware nicknamed “Delilah” has been detected in the wild by Israeli intelligence outfit Diskin Advanced Technologies. The malware’s goal is to extort victims into stealing insider information. The tool was found on underground crime forums and relies on a combination of social engineering, extortion and ransomware. Delilah is exclusive and cannot be found on crime ware forums, thus prolonging its lifetime by avoiding analysis and having detection methods created.
  • Once installed the hidden bot gathers large amounts of personal information from the victim so that the individual can be manipulated or extorted. This data is not limited to family and current employment. In addition a plug-in is also available which enables the hacker to remotely switch on the victim’s webcam and record them.
  • This malware will add to the volume of insider threats as corporate secrets may be sold as a result of blackmail. Delilah is being loaded onto victim machines from a number of gaming and adult sites. It is reportedly difficult to use, utilising noticeable quantities of resources and creating message boxes asking for permission prior to webcam activation.
  • Research from Kaspersky Lab in November 2015 claimed that nearly three in four firms have suffered an insider threat incident, with employees (42%) the largest single cause of data loss.

The Babcock MSS ASOC recommends:

  • Ensure employees are familiar with your acceptable usage policies to avoid users browsing inappropriate websites.
  • Consider blacklisting social media websites so personal information cannot be gathered in the event of an infection.
  • Perform regular anti-virus scans on all systems to ensure no malicious software is present.
  • Keep up to date with vendor patches which fix the latest vulnerabilities that malware attempts to exploit.

If you want to learn about Cyber Security, check out our new Cyber Security & Privacy Essentials course below.


Thanks to the Gloucestershire Police for alerting us to this information.

Action Fraud is the UK’s national fraud and internet crime reporting centre, providing a central point of contact for information about fraud and financially motivated internet crime