
RansomWare

‘Bomb threat’ scammers linked to earlier sextortion campaign

Scare tactic efforts may be the work of a single group

Yesterday’s ‘bomb scare’ spam campaign may have been a follow-up to another infamous email extortion effort.

Researchers with Cisco’s Talos say that the rash of emails sent yesterday, demanding that recipients pay a Bitcoin ransom or face a bomb attack on their offices, is simply an evolution of the scare-tactic extortion scam that surfaced in October of this year.

In that scam, the sender took passwords from a for-sale list of stolen credentials and sent them to the target, claiming to have installed malware on their computer. The victim was told to send money or have compromising videos leaked. Of course, those videos did not exist and there was no malware.

We analyzed a few of these and saw that the credentials were not correct in our sample.

This week, the scammers pivoted to a new type of threat, sending out emails that claimed the recipients’ building would be blown up unless they sent $20,000 in Bitcoin.

The composition of the emails, as well as the demand for Bitcoin payoffs, was remarkably similar, and Talos researcher Jaeson Schultz thinks he knows why.

“Multiple IPs involved in sending these bomb threats also sent various types of sextortion email that we saw in the previous campaign,” Schultz explained.

Fortunately, Schultz says, the latest technique is not paying off for the hapless extortionists.

“Only two of the addresses have a positive balance, both from transactions received Dec. 13, the day the attacks were distributed,” he said.

“However, the amounts of each transaction were under $1, so it is evident the victims in this case declined to pay the $20,000 extortion payment price demanded by the attackers.”

With that sort of success rate, it is no surprise that, as of yesterday, the crew decided to try yet another threat to scare people out of their cryptocoins. This time it is the threat of an acid attack.

It should go without saying: Don’t pay any ransom demanded by an unsolicited email, and report all threats to an admin and/or the police. ®

Petya Ransomware

I have been busy so no chance to write the blog. But I had a few minutes this AM to collect some links to articles on the Petya Ransomware.

Good Summaries
https://www.nytimes.com/2017/06/27/technology/global-ransomware-hack-what-we-know-and-dont-know.html
https://www.theguardian.com/world/2017/jun/27/petya-ransomware-attack-strikes-companies-across-europe

Up-to-the-minute updates from ESET (L4 Networks is an ESET Partner)
https://www.welivesecurity.com/2017/06/27/new-ransomware-attack-hits-ukraine/

How to protect yourself (From ESET)

  • Use reliable antimalware software: This is a basic but critical component. Just because it’s a server, and it has a firewall, does not mean it does not need antimalware. It does! Always install a reputable antimalware program and keep it updated. [L4 Note: And just because you have a hardware firewall, it does NOT mean you do not need an application level firewall. You DO! ]
  • Make sure that you have all current Windows updates and patches installed:
      – Run ESET’s EternalBlue Vulnerability Checker to see whether your Windows machines are patched against the EternalBlue exploit, and patch if necessary.
      – For ESET Home Users: Perform a Product Update.
      – For ESET Business Users: Send an Update Task to all Client Workstations, or update Endpoint Security or Endpoint Antivirus on your client workstations.
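If you cannot run ESET’s checker on a given host, the same question (is this machine patched against EternalBlue, and is it even serving SMBv1?) can be answered from an elevated PowerShell prompt. The script below is an added example written for this post; it is not ESET’s tool and not from the Petya write-ups linked above. It assumes Windows 8.1 / Server 2012 R2 or later (for the SmbShare and NetSecurity cmdlets), and the KB numbers are the MS17-010 security updates as listed in Microsoft’s bulletin, which you should confirm for your exact OS build. The `-DisableSmb1` switch is an assumed parameter name for this script only.

```powershell
# Added example, not ESET's checker: audit a Windows host for the MS17-010
# (EternalBlue) fix and for SMBv1, and optionally disable SMBv1.
# Run from an elevated PowerShell prompt on Windows 8.1 / 2012 R2 or later.
# KB list: MS17-010 security updates per Microsoft's bulletin; verify for your build.
# Caveat: on Windows 10 / Server 2016 the fix ships in cumulative updates that
# supersede these KBs, so Get-HotFix can miss a patched host. Treat "no KB
# found" as "verify with a scanner", not as proof the host is vulnerable.

param(
    [switch]$DisableSmb1   # assumed switch name: pass it to remediate, default is audit only
)

$Ms17010Kbs = @(
    'KB4012598',  # Windows XP / Server 2003 / Vista / Server 2008 (out-of-band)
    'KB4012212',  # Windows 7 / Server 2008 R2, security-only
    'KB4012215',  # Windows 7 / Server 2008 R2, monthly rollup
    'KB4012214',  # Server 2012, security-only
    'KB4012217',  # Server 2012, monthly rollup
    'KB4012213',  # Windows 8.1 / Server 2012 R2, security-only
    'KB4012216',  # Windows 8.1 / Server 2012 R2, monthly rollup
    'KB4012606',  # Windows 10 1507
    'KB4013198',  # Windows 10 1511
    'KB4013429'   # Windows 10 1607 / Server 2016
)

# 1. Look for any of the MS17-010 updates in the installed-hotfix list.
$installed = Get-HotFix -ErrorAction SilentlyContinue |
    Where-Object { $Ms17010Kbs -contains $_.HotFixID }

if ($installed) {
    Write-Host "MS17-010 update present: $($installed.HotFixID -join ', ')"
} else {
    Write-Warning "No MS17-010 KB found by Get-HotFix. On Windows 10/2016 it may be superseded by a cumulative update; confirm with an MS17-010 scanner before assuming the host is vulnerable."
}

# 2. Report the most recent update so the superseded case can be checked by hand.
$latest = Get-HotFix | Where-Object { $_.InstalledOn } |
    Sort-Object InstalledOn -Descending | Select-Object -First 1
if ($latest) {
    Write-Host "Most recent update: $($latest.HotFixID) installed $($latest.InstalledOn.ToShortDateString())"
}

# 3. EternalBlue targets SMBv1. A host that does not serve SMBv1 is not
#    exposed to it even when the patch state is unclear.
$smb = Get-SmbServerConfiguration
if ($smb.EnableSMB1Protocol) {
    Write-Warning "SMBv1 server protocol is ENABLED."
    if ($DisableSmb1) {
        Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
        # Also remove the SMB1 optional feature (client side) where it exists.
        $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
        if ($feature -and $feature.State -eq 'Enabled') {
            Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
        }
        Write-Host "SMBv1 disabled; reboot to finish removing the feature."
    }
} else {
    Write-Host "SMBv1 server protocol is disabled."
}

# 4. The L4 note above about host firewalls applies here: list every enabled
#    inbound Windows Firewall rule that allows TCP/445, so you can see which
#    profiles (Domain/Private/Public) expose SMB.
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -eq 445 } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
    Select-Object DisplayName, Profile |
    Format-Table -AutoSize
```

Run it once without the switch to audit, review the firewall rules it prints (an Allow rule on the Public profile for 445 is the thing to fix), and only then rerun with `-DisableSmb1` after confirming nothing on the network still depends on SMBv1 (old multifunction printers and NAS boxes commonly do).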