New Ransomware Phishing Scheme Lets Wannabe Cybercrims In For Nothing

CyberheistNews Vol 7 #11   |   March 14, 2017 by KnowBe4

ZDNet reported on a new scheme for aspiring cyber criminals that lets them into the ransomware racket at no cost at all, but at a steep 50/50 split with the people who provide them with the malicious code.

We think the 50/50 split will not be a major hurdle, and that this strain, which spreads through phishing emails with malicious attachments, will take off in the very near future.

“This new ransomware operation is providing malicious software to affiliates for nothing in exchange for a big slice of any successful scores. The move represents another evolution in ransomware which could make it an even more dangerous threat, because criminals may be tempted to download it and launch a ransomware campaign as they don’t need to part with their cash to do so.”

Victims are infected with the Dot ransomware through malicious phishing attachments; when the attachment is run, it encrypts their files and opens a ReadMe HTML file informing them that they need to pay a Bitcoin ransom to regain access to their data.

“The simplistic and straight-forward design of Dot ransomware enables just about anyone to conduct cybercrime,” warn Fortinet researchers, who predict Dot will soon become a big threat to businesses.

“Although we haven’t seen this ransomware in the wild, with the advertisements being made accessible on hacking forums, it’s only a matter of time until people start taking the bait.”

The scheme reared its ugly head in mid-February, and all a would-be affiliate needs to get started is access to the download via the Tor browser and a registered Bitcoin address.

Once this is done, the Dot coders allow a download that comes with a getting-started guide, including advice on which file types to use to distribute the ransomware and hints about what level of ransom to charge in which countries. They also provide a dashboard for tracking the number and status of infections, and the code is built like normal modern software.

SEC Phishing Emails Target Execs for Inside Info

A sophisticated phishing attack is trying to obtain confidential corporate information. Bad guys are sending spoofed emails claiming to come from the Securities and Exchange Commission, targeting lawyers, compliance managers, and the very company officials who file documents with the SEC.

In late February 2017, FireEye identified this spear phishing campaign. Based on multiple similar tools, tactics, and procedures, FireEye has high confidence that the campaign is associated with the financially motivated threat group it tracks as FIN7.

Spear Phishing Campaign

All of the observed intended recipients of the spear phishing campaign appeared to be involved with SEC filings for their respective organizations; many were even listed in their company’s SEC filings. The sender email address was spoofed to appear as EDGAR, and the attachment was named “Important_Changes_to_Form10_K.doc”.
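The two observables above, a From header borrowing a trusted sender's name and a legacy Office attachment, are exactly what a mail gateway or SOC triage script can check for. The following Python is an added example written for this newsletter, not code from FireEye or KnowBe4. It parses a message, compares the domain claimed in From against the SPF/DKIM verdicts the receiving MTA recorded in Authentication-Results (DMARC-style relaxed alignment), and inventories attachments that carry a legacy Office extension or the OLE2 magic bytes. Both messages are constructed samples; the choice of sec.gov as the protected domain is this example's assumption, since the page reports only the display name “EDGAR”, and the sample address is invented rather than the one used in the campaign.

```python
"""Flag mail that claims a protected sender domain but fails authentication
alignment, and inventory Office attachments. Illustrative example; the two
samples below are constructed, not captures from the campaign."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Domains an attacker is likely to borrow. sec.gov is the SEC's real domain;
# putting it on this list is this example's assumption.
PROTECTED_DOMAINS = {"sec.gov"}

# Legacy and macro-capable Office formats commonly used as phishing lures.
OFFICE_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm", ".ppt", ".pptm", ".rtf")
# Compound File Binary header shared by legacy .doc/.xls/.ppt files.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"

# Constructed sample: From claims sec.gov, SPF fails for an unrelated relay,
# no DKIM, and a base64 attachment that starts with the OLE2 header.
SPOOFED_EML = """\
Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mail-relay.example.net; dkim=none
From: EDGAR <edgar-notice@sec.gov>
To: cfo@example.com
Subject: Important changes to Form 10-K
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please review the attached changes before your next filing.
--b1
Content-Type: application/msword; name="Important_Changes_to_Form10_K.doc"
Content-Disposition: attachment; filename="Important_Changes_to_Form10_K.doc"
Content-Transfer-Encoding: base64

0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAA
--b1--
"""

# Constructed sample of ordinary, properly authenticated mail.
LEGIT_EML = """\
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=alice@example.com; dkim=pass header.d=example.com
From: Alice <alice@example.com>
To: bob@example.com
Subject: Lunch

See you at noon.
"""


def _aligned(auth_domain, from_domain):
    """DMARC-style relaxed alignment: same domain or a subdomain of it."""
    return bool(auth_domain) and (
        auth_domain == from_domain or auth_domain.endswith("." + from_domain)
    )


def analyze(raw):
    """Return the From domain, a spoofing verdict and the Office attachments."""
    msg = message_from_string(raw, policy=policy.default)
    _, from_addr = parseaddr(msg.get("From", ""))
    from_domain = from_addr.rpartition("@")[2].lower()

    # Verdicts the receiving MTA wrote into Authentication-Results.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    spf = re.search(r"spf=(\w+)", auth)
    spf_dom = re.search(r"smtp\.mailfrom=(?:[^@\s;]+@)?([\w.-]+)", auth)
    dkim = re.search(r"dkim=(\w+)", auth)
    dkim_dom = re.search(r"header\.d=([\w.-]+)", auth)

    spf_ok = bool(spf and spf.group(1) == "pass" and _aligned(
        spf_dom.group(1).lower() if spf_dom else "", from_domain))
    dkim_ok = bool(dkim and dkim.group(1) == "pass" and _aligned(
        dkim_dom.group(1).lower() if dkim_dom else "", from_domain))

    office = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        # Binary parts come back as bytes; check the magic as well as the name
        # so a renamed .doc is still caught.
        data = part.get_content() if part.get_content_maintype() != "text" else b""
        if name.endswith(OFFICE_EXTENSIONS) or (
            isinstance(data, bytes) and data.startswith(OLE2_MAGIC)
        ):
            office.append(part.get_filename())

    return {
        "from_domain": from_domain,
        "sender_spoofed": from_domain in PROTECTED_DOMAINS and not (spf_ok or dkim_ok),
        "office_attachments": office,
    }


if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED_EML), ("legit", LEGIT_EML)):
        print(label, analyze(sample))
```

The alignment check is the important part: a message that merely mentions the SEC in its display name is not suspicious, but one whose From domain is on the protected list and is backed by neither an aligned SPF pass nor an aligned DKIM signature should be quarantined or at least tagged before it reaches the people who handle filings. Extending the attachment check to OOXML macro containers (.docm is already listed) or to VBA project streams inside the OLE file is a natural next step.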

First International Cybermafia

John Miller, a director of threat intelligence at FireEye, described the attackers as among “the most sophisticated financial actors” and said their methods were similar to those of hackers who targeted ATMs and other parts of the banking system. He also warned that the hacking tools they sought to install were particularly insidious.

“It’s the Swiss army knife of malware. It lets you do whatever you want to with the compromised system,” Miller said. FIN7 is the first international cybermafia, a group of cybercriminals from Russia, Ukraine, other parts of Europe, and China. More about which industries are targeted at the KnowBe4 Blog:
