A Dual-Attack Spam Outbreak Pushes Two Ransomware Strains Alternately
A new report by Trend Micro describes a newly detected ransomware campaign that mounts a dual attack, infecting users first with the well-known Locky ransomware and then with another ransomware called FakeGlobe.
Locky is a highly prolific and successful ransomware because it is continuously modified between attacks so that security researchers can't crack it. Healthcare is the most prominent of Locky's targets. FakeGlobe, which was uncovered earlier in 2017, is conventionally launched through inconspicuous e-mail-based attacks.
According to researchers from Trend Micro, a Japanese security firm, the latest campaign has affected as many as 70 countries. The early-September spam campaign disseminated both ransomware variants, with the payload purposely designed to change regularly. Moreover, the attackers launch their assaults during work hours, when bulk e-mail campaigns are most effective.
Consequently, when victims follow a booby-trapped web link, Locky is delivered during the first hour and FakeGlobe during the next. After analyzing these attacks, the researchers concluded that the strategy creates a very real possibility of re-infection. In every instance, the spam mails carried one attached document and one embedded web link, both disguised as payment invoices, and each led to a different download URL. The two downloads produce two separate binaries, delivering first the .lukitus Locky strain and then FakeGlobe. FakeGlobe, also called Globe Imposter, first appeared in June 2017, when it likewise used bogus invoices as its social-engineering tactic. Scmagazine.com posted this on September 19, 2017.
Using bogus invoices, FakeGlobe entices victims into clicking web links and attachments. The ransomware also has a support page to help victims pay the ransoms demanded. Trend Micro further cautions about other spam outbreaks, in particular one carrying a DOC attachment that lures victims into enabling macros so that the malicious payload is distributed. That outbreak delivers Locky and FakeGlobe in rotation. A similar outbreak delivering the two rotating ransomware samples drew attention on 30th August this year. The attackers first employed Locky in the usual way but quickly added FakeGlobe.
» SPAMfighter News - 9/28/2017