Here’s an example of a highly targeted ransomware attack, with bad guys using a phony Bank of Montreal (BMO) template to social engineer possible victims into clicking on a malicious attachment.
Chester Wisnewski, a Vancouver-based senior security advisor at Sophos Inc., said: “Literally as I got on the plane I got what looked like a BMO phish, and in fact it was ransomware. It was amazing how well crafted it was because the Web site booby-trapped with the exploit is literally a carbon copy of the BMO online login landing page.”
This is a good illustration of a SophosLabs blog post from earlier this year, which pointed to a growing trend of cybercriminals targeting, and even filtering out, specific countries when designing ransomware and other malicious cyberattacks.
Based on data collected from Sophos endpoints, firewalls and gateways, the post shows that attackers are now crafting customized phishing attacks using regional languages and ripped-off logos, and/or pretending to be tax and law enforcement agencies. Their tactics include phony shipping notices, refunds, speeding tickets and electricity bills.
Looking for bad grammar or typos to tip you off? Nope, it's all flawless.
"Patching and updates are crucial. The latest versions of Microsoft Office are better at stopping document malware, giving admins the ability to disable macros in documents that came from the Internet. Similarly, Windows 10 is more secure than Win 7, and using a sandbox and Web filtering are also useful," Wisnewski added.
The report also said researchers have found that different ransomware strains target specific locations. For example, versions of CryptoWall predominantly hit victims in the U.S., U.K., Canada, Australia, Germany and France. TorrentLocker has attacked primarily the U.K., Italy, Australia and Spain, while TeslaCrypt homed in on the U.K., U.S., Canada, Singapore and Thailand.
And here is the Latest Vicious Ransomware Strain
SecurityAffairs just published a new discovery you need to know about. Morphus Labs, a Brazilian infosec research group, discovered a new Full Disk Encryption (FDE) ransomware strain this week, dubbed “Mamba” after a snake with a paralyzing poison.
Mamba, just like Petya, uses a disk-level encryption strategy instead of the conventional file-based one. It simply prevents the OS from booting. Imagine your file servers being hit with this one -- full-disk encryption seems to be becoming a ransomware trend.
Since email is the #1 malware infection vector, and attacks are getting through your filters too often, getting your users new-school security awareness training which includes frequent simulated phishing attacks is a must.
For instance, KnowBe4's integrated training and phishing platform allows you to send Word documents with macros in them as attachments, so you can see which users open the attachments and then enable macros!