Hi All,
I've been asked: does Sophos protect against Locky, or what can we do to prevent
Thanks
J
Hello Joetobai,
Now, Locky (or whatever prevalent "bleeding edge" threat) is not a static executable (i.e. one program with a few specific checksums), it takes some time (and samples) to reliably detect all the mutations. This is complicated by the fact that aggressive strategies are not feasible in a corporate environment as they could be too aggressive and might impair important applications. Thus "complete protection" would be, at least in the early days, boastful.
In addition there's the delivery mechanism - the initial stage seems pretty archaic, email and macros in Office documents. Then evidently a (state-of-the-art) staggered download. So while the concept isn't new, the campaign doesn't reuse well-known components, which is another challenge.
what can we do
Please see Ransomware Protection on Terminal Servers for some advice by Sophos.
Christian