Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Newark City Hall Computers Infected With Ransomware

NEWARK, N.J. (CBSNewYork) — The City of Newark’s computer system has been disabled by hackers demanding thousands in ransom money, according to a published report.

Hackers are demanding payment of 24 Bitcoins, which at the moment equals around $30,000, TAPintoNewark reported, citing a document they obtained.

And Just When You Thought Locky Ransomware Had Disappeared...

Locky ransomware reappeared with a vengeance Friday, this time not using Office documents combined with social engineering to get the user to enable macros, but a PDF with a Word file hidden inside it, which executes a macro script when the user opens it. This construction allows the phishing email to bypass sandboxes.

Why Cerber Is The New King Of Ransomware

During 2016, ransomware exploded. It clearly became the biggest menace on the net, using phishing as its No. 1 infection vector.

Hundreds of ransomware strains competed for market dominance last year, but one was clearly dominant: Locky, costing victims over 1 billion dollars. However, a recent report from our friends at Malwarebytes showed that Locky has fallen off the face of the earth in Q1 2017, making way for the Cerber strain to become the new king of ransomware.

New Cerber Ransomware Starts Evading Machine Learning

A new version of the Cerber ransomware family has adopted new techniques to make itself harder to detect by endpoint security software that uses machine learning for detection. It now uses a new loader that hollows out a normal process and runs the Cerber code inside it instead.

Gigabyte Firmware Flaws Allow the Installation of Ransomware

Now, here is an interesting one. Gigabyte BRIX are very small computers, similar to Intel NUCs, that can be used to replace those bulky desktop towers. I am using Intel NUCs myself at the house and the office.

Well, these small devices have no hard disk, and everything lives in different types of memory. At the Black Hat Asia 2017 security conference, researchers from cyber-security firm Cylance disclosed two vulnerabilities in the firmware of Gigabyte devices that allow an attacker to write malicious content to the UEFI firmware.

Samas Ransomware Deletes Veeam Backups, And Maybe Yours Too...

This month, a user on the community forums of Veeam, the Atlanta-based 500-million-dollar backup company, reported that they were hit with Samas ransomware. I am giving you the short version here:

"On 2/7 we were hit with Samas Ransomware. Of course I freaked, but I felt confident driving into work that I was OK with backups. I used Veeam to back up all my servers to two CIFS folders on 2 different Drobos on campus. We are a Private School with a small Tech budget and we get by with what we can.

"The server itself got wiped with Samas, but I still felt confident. I looked in the Veeam_Backups folder a few times on both Drobos and both were empty, but I figured it was just a permission issue or something. I wasn't that worried.

Ransomware Is Skyrocketing, But Where Are All The Breach Reports?

More than 4,000 ransomware attacks occur daily, and healthcare is the largest target. However, despite disclosure requirements and the risk of late or absent HIPAA notification, breach reporting simply doesn’t match up.

I found some interesting data in a new survey by Healthcare IT News and HIMSS Analytics that showed more than half of hospitals were hit with ransomware from April 2015 to April 2016, but breach reporting to the OCR was practically non-existent.

Petya MFT Ransomware Returns, Wrapped In Extra Nastiness

Kaspersky researchers discovered a new variant of last year's Petya Master File Table (MFT) ransomware, with "new and improved" crypto and ransomware models. Remember, MFT ransomware only encrypts the table that holds access to all files, and does not encrypt the files themselves. It's a very effective way to lock a machine and demand ransom in a few seconds.

Heads-Up. New Ransomware phishing scheme lets wannabe cybercrims get in for free...

Danny Palmer at ZDNet reported on a new scheme for aspiring cyber criminals that lets them into the ransomware racket for free, but at a steep 50/50 split with the people who provide them with the malicious code. We think that this will not be a major hurdle and that this strain, which uses phishing with malicious attachments, will take off in the very near future.

[ALERT] New Massive Wave Of CryptoLocker Ransomware Infections

We all thought that evil genius Evgeniy Bogachev had retired to the Black Sea with his tens of millions of ill-gotten gains after he became the FBI's #1 Most Wanted cybercriminal. Well, perhaps he ran out of money.

CryptoLocker is back big time. Researchers have spotted a sudden resurgence this year, specifically identifying clusters of attacks in Europe and the U.S.
