New Ransomware Spear-phish Uses Dropbox Attack

The cyber-mafia is stepping up pressure with a new, highly malicious ransomware strain that only takes one click to infect a workstation. This aggressive ransomware gives the victim a mere 24 hours to pay the ransom in Bitcoin. It's called the "Pacman" ransomware, suggesting pictures of something eating up all files. This attack has been rated high-risk because of its highly targeted nature and the degree of social engineering used.

According to KnowBe4 CEO Stu Sjouwerman, “Europe is often used as a beta-testing ground for attacks on the U.S., so you can expect this to happen here. The problem is that this spear phishing attack is focused on a small vertical, but fully automated. In this case it's chiropractors in Denmark. However, with tens of millions of data-breach records out there, targeted spear-phishing becomes much easier to execute.”

This new ransomware strain is highly malicious. In addition to its ransomware payload, the code includes a keylogger and has "kill process" capabilities that shut down Windows operating system functions like taskmgr, cmd, regedit and more which makes it very hard to remove this malware.”

Initially reported by CSIS, the email, using perfect Danish, is disguised as a "possible new patient", just moving into the area, with bad neck and back problems, and looking for a new therapist. The new patient conveniently has links to his MRI and CT scan, because his back is a case of its own.

The malicious code has been developed in .NET, so it needs to have the .NET package installed, which most Windows machines have installed by default these days. From there, "pacman.exe" is extracted and dropped on to the system while initializing the encryption of files on the local hard disk. The code searches the disk for data files which are subsequently encrypted. After a system has been compromised it will call home to the central Command & Control server. A new file extension ".ENCRYPTED" is added to all files and the process replaces the desktop of the infected machine with instructions on how to regain access to the data.

Sjouwerman further stated, “Competition is escalating with gangs furiously innovating in an attempt to grab as much money as possible. Call it a criminal virtual land-grab. Next time it can be your employees getting one of these in their inbox, specifically targeted for your company.”

Sjouwerman advises:

“1) If you have not done so already, on your "edge" device whether this is a web-filter, proxy server or firewall, include Dropbox as a blocked domain. This may not be popular but it's a corporate survival point. It's also a way to get back some control over "shadow-IT".

2) Immediately step your users through effective security awareness training, so that they will spot the red flags related to ransomware spear phishing attacks.”

Featured

  • Freedom of Choice

    In today's security landscape, we are witnessing a fundamental transformation in how organizations manage digital evidence. Law enforcement agencies, campus security teams, and large facility operators face increasingly complex challenges with expanding video data, tightening budget constraints and inflexible systems that limit innovation. Read Now

  • Accelerating a Pathway

    There is a new trend touting the transformational qualities of AI’s ability to deliver actionable data and predictive analysis that in many instances, seems to be a bit of an overpromise. The reality is that very few solutions in the cyber-physical security (CPS) space live up to this high expectation with the one exception being the new generation of Physical Identity and Access Management (PIAM) software – herein recategorized as PIAM+. Read Now

  • Protecting Your Zones

    It is game day. You can feel the crowd’s energy. In the parking lot. At the gate. In the stadium. On the concourse. Fans are eager to party. Food and merchandise vendors ready themselves for the rush. Read Now

  • Street Smarts

    The ongoing acceptance of AI and advanced data analytics has allowed surveillance camera technology to shift from being a tactical tool to a strategic business solution. Combining traditional surveillance technology with AI-based data-driven insights can streamline transportation systems, enhance traffic management, improve situational awareness, optimize resource allocation and streamline emergency response procedures. Read Now

  • Midtown Manhattan Shooting Kills 4, Including NYPD Officer

    Four people were killed, including a NYPD officer, in a midtown Manhattan shooting on Monday. That’s according to CNN. Read Now

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • HD2055 Modular Barricade

    Delta Scientific’s electric HD2055 modular shallow foundation barricade is tested to ASTM M50/P1 with negative penetration from the vehicle upon impact. With a shallow foundation of only 24 inches, the HD2055 can be installed without worrying about buried power lines and other below grade obstructions. The modular make-up of the barrier also allows you to cover wider roadways by adding additional modules to the system. The HD2055 boasts an Emergency Fast Operation of 1.5 seconds giving the guard ample time to deploy under a high threat situation.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.