
Beware Valentines Day Phishing Attacks.
C Henry
With Valentine's Day around the corner, cybercriminals are ramping up spam and phishing attacks targeting this lover's holiday.
In Part 1, we looked at some new wrinkles in the ransomware game and then examined the specifics of Ransom32, CryptoLocker, CTB Locker, and TeslaCrypt. In Part 2, we move on to CryptoWall, the most successful ransomware to date, and Chimera, a relative newcomer.
Let’s first look at CryptoWall Version 3, which was thoroughly studied by the Cyber Threat Alliance, and then discuss the changes since then. Here are some highlights:
It first surfaced in January 2015, and infects all versions of Windows. North America and Australia experienced the brunt of the attacks.
CryptoWall Version 4.0 popped up in October 2015. Infection statistics show that Europe, South America, Africa and southern Asia have been hard hit. Both the Nuclear and Angler exploit kits now include CryptoWall, making the attacks easy to launch. In Version 4, the malware alters filenames in addition to file contents. Attacks are even harder to detect, evading many of the newest firewalls. Instead of demanding a ransom, the cybercriminals are trying new angles:
The victims are asked to pay for “security software”. As the victim’s files are being encrypted, the victim receives a notice that antivirus programs are “protecting” their data.
Attackers may threaten to publish user data online if a ransom is not paid.
An especially vicious variant of CryptoWall encrypts files randomly over many weeks. This makes recovery from backups difficult.
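When encryption is staggered over weeks, no single backup snapshot may be entirely clean, so restore points have to be chosen per file. The sketch below is an added example, not from the original article: it assumes byte entropy as the marker for encrypted content, and the snapshot labels, file names and threshold are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, tune per data set


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 for empty input, at most 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def pseudo_ciphertext(seed: str, size: int = 4096) -> bytes:
    """Constructed stand-in for encrypted content: chained SHA-256 output."""
    out, block = b"", seed.encode()
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]


def last_clean_versions(snapshots):
    """Map each path to the newest snapshot label holding a low-entropy copy.

    snapshots: list of (label, {path: bytes}), oldest first.
    Paths that only ever appear with high-entropy content (for example
    files renamed by the malware) map to None: nothing to restore from.
    """
    result = {}
    for label, files in snapshots:
        for path, data in files.items():
            result.setdefault(path, None)
            if shannon_entropy(data) < ENTROPY_THRESHOLD:
                result[path] = label
    return result


# Constructed sample: two documents encrypted and renamed in different weeks.
DOC = b"Quarterly report: revenue, costs and forecast figures.\n" * 80
SHEET = b"id,name,amount\n1,alpha,100\n2,beta,250\n" * 100
SNAPSHOTS = [
    ("week1", {"docs/report.txt": DOC, "docs/budget.csv": SHEET}),
    ("week2", {"docs/report.txt": DOC, "x7f3a.q9z": pseudo_ciphertext("a")}),
    ("week3", {"k2m1c.w4p": pseudo_ciphertext("b"), "x7f3a.q9z": pseudo_ciphertext("a")}),
]
```

Here `last_clean_versions(SNAPSHOTS)` picks week1 for the spreadsheet and week2 for the report, which a single-snapshot rollback would miss. Legitimately compressed or encrypted files (archives, images, media) are also high-entropy, so a real check needs an allowlist for those types.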
Most security experts expect to see an acceleration in CryptoWall 4.0 attacks this year. So far, Malwarebytes has reported a new version targeting outdated versions of Flash Player. It is delivered by the Magnitude exploit kit through malicious pop-under ads.
Chimera appeared in September 2015, and the German anti-botnet advisory centre Botfrei reported a new strain in November. This variant threatens to publish the victim’s data on the Internet unless a £450 ransom is paid. Spear phishing regarding job applications or offers refers the victim to information on Dropbox, and clicking on the Dropbox link begins the infection. Like CTB Locker, Chimera offers its victims an opportunity to become an “affiliate”, with a 50 percent commission for selling the ransomware as a service. The security community foresees more Chimera infections in future, especially in English-speaking countries.
Some steps to specifically protect yourself from malware are: