
Criminals pose as job candidates to spread ransomware on computers

January 5, 2017

We've been noticing lately that cybercriminals are posing as potential job candidates in an effort to spread ransomware and nasty viruses into human resources departments and their computers.

And the trend is increasing. The malicious email carries two attachments. The first is a harmless PDF cover letter designed to convince the human resources worker that the criminal's email exchange is legitimate.

The second attachment is an Excel spreadsheet that contains the ransomware payload, a variant of Petya which Check Point researchers designated GoldenEye. HR staff are asked to enable macros, an obsolete but sadly very effective means of Windows box popping, according to Microsoft.

Enabling macros allows the ransomware to begin encrypting the PC's local drive. A false loading screen buys GoldenEye some time to encrypt the computer. Once the malware has finished, a note demands payment of 1.3 bitcoins (currently US $1,466) for the decryption key that will reverse the damage.

For now, German organizations are being targeted the most, according to the Check Point researchers who discovered the security threat.

"If the campaign sounds familiar, it's because it was used in the past by the Cerber ransomware," researchers assert.

"As both Petya/GoldenEye and Cerber act as ransomware-as-a-service, it's very likely that there is one threat actor leveraging the German resumé campaign to send both malware types to their victims," the researchers warn.

Various global enterprises have become a more attractive target for ransomware criminals, since consumer webmail providers like Google and Microsoft tweaked spam filters to filter out much of the inbound malicious traffic.

Recorded Future threat analyst Allan Liska says that company spam filters are typically poor performers, making several businesses a weak link in the chain through which attackers stand a better chance of executing their malware and viruses.

"For now, spam campaigns are losing the battle against consumer webmail providers like Yahoo, Microsoft, and Google," Liska asserts. "Those services have gotten very good at quickly identifying new ransomware campaigns and are sending the offending emails to the junk/spam folder.

"This contributed to the gradual and increased rise of ransomware in the enterprise segment last year. The spam filtering systems in many organizations are increasingly less effective these days, or simply non-existent than those of the consumer webmail providers, which is one of the reasons why the attackers behind ransomware have focused on corporate targets," the researchers warn.

Only the most well-implemented ransomware forms stand the test of time, and this one seems to qualify. White hat security researchers have spent considerable effort breaking the security controls behind scores of ransomware variants in a hugely successful bid to provide potential victims with free decryption keys.

Much of the work is now formalised into the 'NoMoreRansom' initiative, which unifies a formerly scattered and siloed, but furious effort by malware researchers to mitigate scores of ransomware variants.

As of December 15, 2016, about six thousand users had been liberated from ransomware infection without the need to pay ransoms, thanks to the white hats' work in preventing such mishaps from occurring.

Source: Check Point.

Copyright © Internet Security.ca