Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Ransomware Strain Count Surpasses 200

Michael Gillespie tweeted: "Whew! ID #Ransomware can now identify 200 ransomware families. :) Sad such a milestone was hit so quickly..." He added a list from the malwarehunterteam site that is updated dynamically. When you click this link, it will likely be more than 200.

The New Posterboy of CyberInsecurity: John Podesta Fell For Social Engineering Attack

Motherboard has a great article explaining just how Podesta, Chairman of the 2016 Hillary Clinton presidential campaign, got hacked. (Podesta previously served as Chief of Staff to President Bill Clinton and Counselor to President Barack Obama.) The man fell for social engineering: a Google credentials phish -- one of the most common phishes that we see in the Phish Alert Button emails that customers send us. That article includes some great screenshots of emails used to hack several other public figures.

A Slick Phish with a Hidden Surprise

By Eric Howes, KnowBe4 Principal Lab Researcher.

Yesterday one of our customers was hit with a highly targeted phishing attack -- one of the slicker attacks we've seen in a while. Once we started digging into it, though, what we found was even more surprising.

The Phish Email

This customer, which happens to be in the banking industry, received several identical phishing emails that appeared to be specially crafted to fool employees into thinking they were being directed by the bank's own IT staff to install an official security update from Microsoft.

"My AV blocked RanSim.exe So I'm Safe" No You Are Not

I'm noticing a lot of people saying the ransim.exe file is getting blocked by your AV. You have to actually allow the initial processes to run to do the simulation.

It is the five test scenarios that you want to see blocked. The Ransim.exe, Launcher.exe and RansimSetup.exe files MUST be allowed to run--they are just the framework for the ransomware simulation and if you block those first few files, you're not actually allowing your system to test the various ransomware scenarios.

Python Ransomware Uses A Unique Key For Each File That Is Encrypted

A new ransomware strain written in Python called CryPy was disclosed by Avast malware analyst Jakub Kroustek. It seems that Python is getting more popular as a ransomware development language, given the recent rise of strains like PWOBot, Zimbra, HolyCrypt, and Fs0ciety Locker.

Security pros observed that while CryPy is a new strain, it's not yet a major threat like Locky, as a unique encryption key for each file is a double-edged sword - it causes performance problems and is more susceptible to disruption if you block the malicious IP address.

Yahoo Hack Triggers 'Material Adverse Change' Clause

The Wall Street Journal reported that Verizon's lawyers are looking at using the "material adverse clause" to renegotiate the terms of the $4.8 billion deal they struck in July.

Verizon’s general counsel, Craig Silliman, said “we have a reasonable basis to believe right now that the impact is material.”

Would you say that losing your whole customer database is an adverse change? I would! Especially after you promise in your merger agreement that no security breach had taken place—and that no breaches will have occurred by the deal’s closing. Yeah, right.

More than 60% of US office workers are unaware of the ransomware threat

Nearly half of ransomware attacks are aimed at office workers, but almost two-thirds of those polled are unaware of the threat

More than 60% of US office workers are unaware of ransomware and the threat it poses to business, according to a survey of more than 1,000 employees commissioned by security firm Avecto.  

Ransomware infections are typically triggered by people clicking on malicious links in legitimate-looking emails or opening attachments that have a malicious payload.

[ALERT] Scam Of The Week: Brad Pitt Found Dead (Suicide)

The divorce between Brad Pitt and Angelina Jolie has been used by the bad guys for a "celebrity death hoax" which unfortunately is high-grade click bait.

It's the most recent one to hit social media and your employees' inboxes, and will not be the last. Snopes, a debunking site that usually gets it right, confirmed that this bogus news has been around since the 21st of September.

AI-powered ransomware is coming, and it's going to be terrifying

Business Insider started an article with the following: "Imagine you've got a meeting with a client, and shortly before you leave, they send you over a confirmation and a map with directions to where you're planning to meet. It all looks normal — but the entire message was actually written by a piece of smart malware mimicking the client's email mannerisms, with a virus attached to the map.
