Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Sophisticated "Spora" Ransomware Demands Future Protection Money

Emsisoft researchers dissected a new ransomware strain that demands users not only pay to recover their encrypted files, but also for immunity from future attacks.

The threat is called Spora, and it's the work of highly professional bad guys, judging by the well-implemented encryption procedures, the lack of any need for a C&C server, the user-friendly payment site, the choice of different “packages” for victims, and the RaaS capability. If you get hit with this strain, you can opt to recover just your encrypted files, or also "gain immunity" from future attacks.

300+ New Ways to Stop Your Users from Clicking on Everything!

You now really have 300+ new ways to make sure your users Think Before They Click!

I Don't Need No Friggen Backup Plan For Ransomware

Did I get your attention?

The picture here raised my eyebrows, because of its patent nonsense. Elizabeth Holmes stated this in an interview about being an entrepreneur.

It's a bit like Alexander the Great, who created an empire that stretched from his home in Macedonia to India, and ostentatiously burned his ships when arriving in Persia in 334 BC.

Heads-Up! Massive New Locky Ransomware Attack Is Coming

Jan Sirmer at the Avast blog wrote: "Based on analysis of past Locky ransomware attacks, experts in the Avast Threat Labs predict that another attack is imminent.

Locky has taken a holiday of sorts. Avast detection of Locky shows that attacks have slowed down considerably during the days before Christmas through New Year and leading up to Eastern Orthodox Christmas, which is celebrated in Russia on January 7.

Healthcare Records Unavailable For Months After Ransomware Infection

Healthcare records of an Arizona clinic have not been available for months after a ransomware infection. The Desert Care clinic got infected in August, and they were not able to recover the files. They sent a letter (PDF) to their clients, advising them to monitor their credit records and account statements, benefits and credit card bills.

Disk-Killer Malware Adds Ransomware Feature And Charges $200,000+ 

Talk about adding insult to injury with this new KillDisk version. Here is how social engineering can cost you dearly. 

The Sandworm cybercrime gang has upped its game. They were initially named after the Sandworm malware which targeted and sabotaged Industrial Control Systems and Supervisory Control And Data Acquisition (SCADA) industrial devices in America during 2014,

The Sandworm gang later evolved into the TeleBots gang, which developed the TeleBots backdoor trojan, and the KillDisk disk-wiping malware.

L.A. County Phishing Attack: 750,000 record data breach

Confidential health data or personal information of more than 750,000 people may have been accessed in a cyberattack on Los Angeles County employees in May that led to charges this week against a Nigerian national, officials have disclosed.

The May 13 attack targeted 1,000 county employees from several departments with a phishing email. The email tricked 108 employees into providing usernames and passwords to their accounts, some of which contained confidential patient or client information, officials said.

The rise of ransomware-as-a-service. Stu Sjouwerman CSO Interview

My Interview at CSO About Ransomware-as-a-Service

Joan Goodchild, Editor-in-chief at CSO, sat me down and asked why Ransomware-as-a-Service has taken off recently:

"It’s not just your company that’s moving to cloud services - cybercriminals are doing this too. Recently, the industry has seen ransomware move to a service model, where criminals can purchase third-party versions of ransomware and put their own “label” on them.

In this episode of Security Sessions, I spoke with Stu Sjouwerman, CEO of KnowBe4, about the reasons why ransomware is being offered as a cloud service, and how CSOs and CISOs can prepare their staffs to fight ransomware."

Among the highlights of the video are the following sections:

IBM study: 70% of Businesses Attacked Pay Ransomware

A rather mind-blowing 70% of businesses hit by ransomware paid the hackers to regain access to hijacked systems and files, according to a new IBM X-Force Ransomware report. Of the attacked businesses, 20 percent paid over $40,000 to decrypt their files, while more than half paid more than $10,000.

The IBM study [registration required], “Ransomware: How Consumers and Businesses Value Their Data” surveyed 600 business leaders and more than 1,000 consumers in the U.S. to determine the value placed on different types of data. 

Around 66% of the report’s respondents are generally worried about hackers compromising data, and almost 60 percent of business leaders said they would be willing to pay the ransom to regain access to financial records, intellectual property, business plans and consumer data, the report found. And depending on the data type, they’re willing to pay between $20,000 and $50,000 to get their data back.

[ALERT] Yikes, A New And Scary Double-Ransomware Whammy.

Sophos reported on one of the scarier ransomware strains I have seen lately. It's called Goldeneye and encrypts the workstation twice: both the files and the Master File Table (MFT).

It's a phishing attack with two attachments. One is a PDF and the other an Excel file. The Excel file contains a loader that pulls down all the malware. The PDF is the social engineering ruse that makes the user open the Excel file. If your user is untrained enough to open both attachments and there are crucial files on the local hard disk without a backup, you potentially get to pay ransom TWICE.
