New Ransomware Spear-phish Uses Dropbox Attack

The cyber-mafia is stepping up pressure with a new, highly malicious ransomware strain that only takes one click to infect a workstation. This aggressive ransomware gives the victim a mere 24 hours to pay the ransom in Bitcoin. It's called the "Pacman" ransomware, suggesting pictures of something eating up all files. This attack has been rated high-risk because of its highly targeted nature and the degree of social engineering used.

According to KnowBe4 CEO Stu Sjouwerman, “Europe is often used as a beta-testing ground for attacks on the U.S., so you can expect this to happen here. The problem is that this spear phishing attack is focused on a small vertical, but fully automated. In this case it's chiropractors in Denmark. However, with tens of millions of data-breach records out there, targeted spear-phishing becomes much easier to execute.”

This new ransomware strain is highly malicious. In addition to its ransomware payload, the code includes a keylogger and has "kill process" capabilities that shut down Windows operating system functions like taskmgr, cmd, regedit and more which makes it very hard to remove this malware.”

Initially reported by CSIS, the email, using perfect Danish, is disguised as a "possible new patient", just moving into the area, with bad neck and back problems, and looking for a new therapist. The new patient conveniently has links to his MRI and CT scan, because his back is a case of its own.

The malicious code has been developed in .NET, so it needs to have the .NET package installed, which most Windows machines have installed by default these days. From there, "pacman.exe" is extracted and dropped on to the system while initializing the encryption of files on the local hard disk. The code searches the disk for data files which are subsequently encrypted. After a system has been compromised it will call home to the central Command & Control server. A new file extension ".ENCRYPTED" is added to all files and the process replaces the desktop of the infected machine with instructions on how to regain access to the data.

Sjouwerman further stated, “Competition is escalating with gangs furiously innovating in an attempt to grab as much money as possible. Call it a criminal virtual land-grab. Next time it can be your employees getting one of these in their inbox, specifically targeted for your company.”

Sjouwerman advises:

“1) If you have not done so already, on your "edge" device whether this is a web-filter, proxy server or firewall, include Dropbox as a blocked domain. This may not be popular but it's a corporate survival point. It's also a way to get back some control over "shadow-IT".

2) Immediately step your users through effective security awareness training, so that they will spot the red flags related to ransomware spear phishing attacks.”

Featured

  • Just as Expected

    GSX produced a wonderful tradeshow earlier this week. Monday was surprisingly strong in the morning, and the afternoon wasn’t bad at all. That’s Monday’s results and asking attendees to travel on Sunday. Just a quick hint, no one wants to give up their weekend to travel and set up an exhibit booth. I’m just saying. Read Now

    • Industry Events
    • GSX
  • NOLA: The Crescent City

    Twenty years later we finds ourselves in New Orleans. Twenty years ago the aftermath of Hurricane Katrina forced exhibitors and attendees to look elsewhere for tradeshow floor space. Read Now

    • Industry Events
    • GSX
  • Nothing Artificial About this Intelligence

    I have been looking forward to this year’s GSX show in New Orleans, the Cresent City, or if you prefer The Big Easy. It seems like quite a while since we’ve been here. Twenty years ago, ASIS, as it was known then was literally washed out of the city by someone known as Katrina. It is a good thing to come back to NOLA. Read Now

  • From Monitors to Mission Control

    Security Operations Centers (SOC) were once defined by rows of static monitors, each displaying a single feed with operators quietly watching for issues. That model has become obsolete. Incidents evolve too quickly, data comes from multiple locations, and decisions must be made in seconds—not minutes. Read Now

  • New Gas Monkey Garage Venue Uses AI-Enhanced Video Technology

    Gas Monkey Garage, the automotive custom shop and entertainment brand founded by Richard Rawlings of Fast N’ Loud TV fame, has opened a vibrant new restaurant and bar in South Dakota, equipped with advanced, AI-enhanced video tech from IDIS Americas. Read Now

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.