Phishing campaigns become more effective when they closely imitate trusted sources. Security researchers discovered evidence of a phishing attack targeting Microsoft Windows users. The campaign installs three types of malware on the computers it infects.
This campaign allows hackers to steal usernames, passwords and banking details. This is in addition to secretly using the infected system to mine cryptocurrency. The hackers manage to get into your wallet.
The phishing campaign's emails are designed to appear like a payment report from a trusted source. Each email contains a Microsoft Excel file as an attachment, conveniently provided for the recipient's inspection. The attached document is poisoned with scripts that install malicious payloads for anyone who opens it.
Phishing campaigns are still one of the most common hacking methods. Hackers gravitate towards methods that are easy to use and work well.
Phishing is a perfect example of this. It is usually trivial to create an email that looks almost identical to one from a trusted source. Hackers have been stealing Microsoft Excel files since before the advent of the internet.
As always, mindfulness and vigilance are the best defense against these types of attacks. It is usually enough to call the source of the email to confirm that it is genuine. Surprisingly, very few users do this.
Similarly, you should exercise caution when clicking on embedded links within an email or downloading files. This includes a second phone call to verify that the sender actually sent you something.
It's much easier to teach than to implement this skill, since employees haven't had a great track record in either one of these areas. Integrated Technology Systems can work with you to properly train your employees and to install safeguards on your email accounts.
Tricky Ransomware Encrypts and Overwrites Small Data
MalwareHunterTeam discovered a ransomware attack that was particularly vicious. Called Onyx, it outwardly does the same thing as most ransomware campaigns. The operation enters corporate networks, steals data, appears to encrypt the rest and threatens to release files to the public if the victim doesn't pay.
To unlock encrypted files, an additional fee must be paid. But there is a catch.
Any file greater than 2MB is deleted. The file is then encrypted and overwritten to appear as if it is still there. Unfortunately, victims discover that their files are garbage after they pay the fee to decrypt them.
This is by design and not a flaw in the malicious code. It is done to inflict maximum pain on the companies affected by the attack.
This discovery was made only recently. It is possible that some companies paid the ransom to get their files back.
This is why you should not pay ransom if you're subject to an Onyx attack. Except for your smaller files, it won't help you. You only have one option: restore the files from backup.
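Because backup is the only recovery path for files above the 2MB mark, it is worth checking ahead of time that those files really have a restorable copy. The following is an added example, not code from the original article: a Python audit that compares a live directory tree against its backup and flags large files with no byte-identical copy. The mirror-style backup layout, the function names and the reading of "2MB" as 2 * 1024 * 1024 bytes are assumptions.

```python
import hashlib
import sys
from pathlib import Path

# Assumption: the article's "2MB" is read as 2 * 1024 * 1024 bytes.
LARGE_FILE_BYTES = 2 * 1024 * 1024


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        while block := handle.read(chunk_size):
            digest.update(block)
    return digest.hexdigest()


def audit_backup(live_root, backup_root, threshold=LARGE_FILE_BYTES):
    """Classify every live file by whether a byte-identical backup copy exists.

    Assumes the backup is a plain mirror: same relative paths under backup_root.
    """
    live_root, backup_root = Path(live_root), Path(backup_root)
    report = {"verified": [], "unprotected_large": [], "unprotected_small": []}
    for live in sorted(p for p in live_root.rglob("*") if p.is_file()):
        rel = live.relative_to(live_root)
        copy = backup_root / rel
        size = live.stat().st_size
        protected = (
            copy.is_file()
            and copy.stat().st_size == size
            and sha256_file(copy) == sha256_file(live)
        )
        if protected:
            bucket = "verified"
        elif size > threshold:
            # Above the threshold: per the article, paying would not bring this back.
            bucket = "unprotected_large"
        else:
            bucket = "unprotected_small"
        report[bucket].append(rel.as_posix())
    return report


if __name__ == "__main__":
    result = audit_backup(sys.argv[1], sys.argv[2])
    for name, paths in result.items():
        print(f"{name}: {len(paths)}")
    for path in result["unprotected_large"]:
        print("NO VALID BACKUP (large):", path)
```

Run it on a schedule against a backup mounted read-only; a non-empty `unprotected_large` list is data that would be unrecoverable in the scenario described above.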
Malware attacks, and ransomware attacks in particular, are a common part of corporate life. Some companies feel the need to pay the ransom to get their businesses back on track, regardless of whether they have poor backups or not. The Onyx campaign proves that thieves can't be trusted. Take care.
Ransomware doesn't need to be a threat to your business. Be proactive and call Integrated Technology Systems today before you become a target.
Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017
212-750-5420
https://www.itsnyc.com/