Skip to content
Search
  • There are no suggestions because the search field is empty.
Cancel
Get Started Now

    Security Awareness Training Blog

    New Defray Ransomware Demands $5,000 In Customized Spear Phishing Attacks

    Defray RansomwareThis newly discovered ransomware strain is targeting healthcare, education, manufacturing and tech sectors in the US and UK, using customized spear phishing emails.

    Defray is demanding a relatively high ransom amount - $5,000 in Bitcoin, and ironically the word defray means "to provide money to pay a portion of a cost or expense."

    The Defray ransomware infection vector is spear-phishing emails with malicious Microsoft Word document attachments, and the campaigns are as small as just a few messages each. The planning and sophistication of the attacks point to a highly-organized cybercrime gang.

    "The ransom note follows a recent trend of fairly high ransom demands; in this case, $5000. However, the actors do provide email addresses so that victims can potentially negotiate a smaller ransom or ask questions, and even go so far as to recommend BitMessage as an alternative for receiving more timely responses. At the same time, they also recommend that organizations maintain offline backups to prevent future infections," Proofpoint researchers said in a blog.

    The Proofpoint researchers, further said that the bad guys using this strain were using official logos of hospitals and businesses to trick users into opening malware-laced email attachments. In one of the campaigns, they designed the phishing emails as if they came from a UK-based aquarium with international locations.

    "Defray Ransomware is somewhat unusual in its use in small, targeted attacks. Although we are beginning to see a trend of more frequent targeting in ransomware attacks, it still remains less common than large-scale "spray and pray" campaigns," Proofpoint researchers said. "It is also likely that Defray is not for sale, either as a service or as a licensed application like many ransomware strains. Instead, it appears that Defray may be for the personal use of specific threat actors, making its continued distribution in small, targeted attacks more likely."

    As we have been saying, stepping end-users through new-school security awareness training combined with frequent simulated phishing attacks which can have Office attachments, is a must these days.

    See it for yourself and get a live, one-on-one demo.

    Request A Demo

    PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

    https://info.knowbe4.com/kmsat-request-a-demo

     

     

    Return To KnowBe4 Security Blog

    Topics: Spear Phishing

    Stu Sjouwerman

    ABOUT STU SJOUWERMAN

    Stu Sjouwerman (pronounced “shower-man”) is the founder and CEO of KnowBe4, Inc., which hosts the world’s most popular integrated security awareness training and simulated phishing platform, with over 54,000 organization customers and more than 50 million users. A serial entrepreneur and data security expert with 30 years in the IT industry, Stu was the co-founder of Inc. 500 company Sunbelt Software, a multiple award-winning anti-malware software company that was acquired in 2010.

    Read more from Stu »

    Subscribe to Our Blog


    Security Awareness Training
    Blog RSS Feed
    Comprehensive Anti-Phishing Guide
    All Posts

    Posts by Tag

    See all

    Posts By Topic

    View All

    Get the latest about social engineering

    Subscribe to CyberheistNews