New Tactics for Crypto Ransomware Attacks

encryptionCyber-criminals are encrypting your computer files and holding them for ransom.  This is one of the most difficult attacks to defend, and once encrypted, impossible to overcome without paying for the decryption key.  There are several new tactics appearing on the crypto-ransomware scene that we thought were worth a mention.

  • From the BBC News website in an article titled “Phishing email that knows your address,”  discussed how cyber-crime groups are sending phishing email appearing to come from bill collectors working for legitimate companies.  In order to make the email appear more genuine, they are inserting your physical street address into the body of the email.  The offered email link will take you to a fake web page where malware for a crypto-malware exploit will be installed.
  • From Naked Security, there was a recent article discussing how ransomware was being distributed in an exploit that used JavaScript embedded in an ZIP archive to launch the malware, bypassing the need to download additional files.
  • Another article from Naked Security looking at the new Zepto ransomware disclosed that this ransomware variant was launched via phishing emails with:
    • a ZIP archive that contained a JavaScript file, or
    • a DOCM Word documented with VB script macros embedded.
    • In either case, the attachment contained the code necessary to start the encryption process by downloading an executable file over the Internet from a command and control server and launching it.

You need to be on your guard for the phishing emails that set up the exploit.  I would say at this point if you receive an email that causes feelings of surprise, panic, fear, or alarm, then there is a good possibility that it is a phishing email.  Phishing emails, especially spear-phishing emails that are target only at you, are designed to get you into an agitated state of mind;  They depend on your emotional response to trick you into hastily clicking on a link or opening an attachment before you develop the presence of mind to think it through.  So if this email is making you fearful or anxious, DO NOTHING until you are in a calmer state of mind.

0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.