Targeted Ransomware Threats Become More Dangerous

Ransomware attacks are becoming more and more targeted. What does this mean to you? It means that it is at the point where it is almost impossible to recognize a phishing email or landing page compared to the real deal. That means that your end users are way more likely to click on a dangerous link than ever before. There is no way to stop the cyber-criminals. The only way to protect your company and yourself is by education.

The following information is from our friends at KnowBe4. KnowBe4 gives you the ability to run fake phishing emails throughout your users, find your weak points, and provide short, simple education that keeps them from clicking again! Want to learn more or set up a free demo? Visit our page here.

A special thanks to KnowBe4 for the example of a recent highly-targeted Ransomware attack involving the Bank of Montreal (BMO):

“Chester Wisnewski, a Vancouver-based senior security adviser at Sophos Inc, said: ‘Literally as I got on the plane I got what looked like a BMO phish, and in fact it was ransomware. It was amazing how well crafted it was because the Web site booby-trapped with the exploit is literally a carbon copy of the BMO online login landing page.’ This is a good example which illustrates a SophosLabs blog post a bit earlier this year pointing to a growing trend of cybercriminals to target and even filter out specific countries when designing ransomware and other malicious cyberattacks. Based on data collected from Sophos endpoints, firewalls and gateways, it shows attackers are now crafting customized phishing attacks using regional languages, ripped off logos, and/or pretending to be tax and law enforcement agencies. Their tactics include phony shipping notices, refunds, speeding tickets and electricity bills.

Wisnewski said: ‘Patching and updates are crucial. The latest versions of Microsoft Office are better at stopping document malware, giving admins the ability to disable macros in documents that came from the Internet. Similarly Windows 10 is more secure than Win 7, and using a sandbox and Web filtering are also useful,’ he added. The report also said researchers have found different ransomware strains target specific locations. For example, versions of CryptoWall predominantly hit victims in the U.S., U.K., Canada, Australia, Germany and France. TorrentLocker has attacked primarily the U.K., Italy, Australia and Spain, while TeslaCrypt honed in on the U.K., U.S., Canada, Singapore and Thailand.

SecurityAffairs just published a new discovery you need to know about. A Brazilian Infosec research group, Morphus Labs, just discovered a new Full Disk Encryption (FDE) ransomware strain this week, dubbed ‘Mamba’, a snake with a paralyzing poison. Mamba, just like Petya, uses a disk-level encryption strategy instead of the conventional file-based one. It simply prevents the OS from booting. Imagine your file servers being hit with this one — full-disk encryption seems to become a ransomware trend.”

For more information about how you can protect your company from dangerous threats, contact us – 404.633.2551 |

0 replies

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.