TrendMicro researchers have observed a spike in spam campaigns running Cerber, Petya, and Locky ransomware. The three crypto viruses are plaguing users in Germany, but the impact of the malicious operators goes beyond its borders. Another ransomware operation that has been quite active lately is the GoldenEye virus, again targeting German-speaking users. As to why ransomware operators are targeting this European country – German users may be more likely to pay the ransom.
Related: Mischa Ransomware Bonds with Petya Ransomware
Ransomware Campaigns Targeting Germany, December 2016
TrendMicro has shared feedback from their Smart Protection Network:
Feedback from our Smart Protection Network™ cites Germany, Peru, Italy, Spain, and France among the top countries in Europe with high ransomware detections from January to November 2016.
Roughly another third of the ransomware detected in Germany came from malicious URLs, while the primary distribution method was spam email, at 63%. Malicious URLs associated with Locky peaked at over 700 during the second week of November. From the last week of November to mid-December, the URLs TrendMicro managed to block ranged between 50 and 400.
Related: The Most Ludicrous Ransomware in 2016
Another campaign recently detected in Germany used tailored spam emails imitating the police cyber department in Cologne. Recipients were accused of fraud and were prompted to open a (malicious) attachment. The .ZIP file contained a Word file discovered to be W2KM_CERBER.DLBZY. As usual, the document had a malicious macro embedded that would download and run a Cerber ransomware copycat.
The ransomware in question was RANSOM_HiddenTearCerber.A.
The copycat ransomware demonstrates how other strains impersonate user interfaces and build on the notoriety and seeming success of families such as CryptXXX, Locky, and Cerber to earn a fast buck.
As seen, the Cerber copycat is based on Hidden Tear, the open-source crypto virus that has enabled many non-professional cyber crooks. The copycat targets and encrypts 128 file types, retrieves the system’s Volume Serial Number, and appends the .cerber extension to compromised files.
Copycat or original, all ransomware cases have one thing in common, as explained in the quote below:
Recent Malicious Campaigns Also Dropping Banking Trojans
Researchers uncovered a spam email campaign made to look like a telecommunications company. This specific spam email had URLs of the spoofed organizations and claimed to have sent notifications of a mobile phone bill. Users were pushed to open a zipped PDF attachment, which downloaded a variant of Sharik/Smoke Loader Trojan.
Among the other Trojans observed in December operations were some well-known representatives such as EMOTET, DRIDEX, and ZeuS/ZBOT. There was an increase in TrendMicro’s detections in Germany during the same period.
DRIDEX remained low-key until we detected a surge of around 250 active URLs during mid-December, while EMOTET used over 100 URLs in November. Zeus/ZBOT, which has been evolving since 2007, had a fair amount of active URLs in its employ, peaking at 250 from October to mid-December.
These Trojans are old, but they are still being deployed quite often. They are used mainly for data theft such as harvesting login credentials. Only slight differences in modus operandi and social engineering tricks were observed. The Trojan operators either directly steal money from victims’ bank accounts or peddle the data in black marketplaces, researchers say.
How to Stay Protected: Tips for Keeping Malware and Ransomware Away
- Make sure to use additional firewall protection. Installing a second firewall is an excellent solution against any potential intrusions.
- Make sure that your programs have less administrative power over what they read and write on your computer. Make them ask you for administrator access before starting.
- Use stronger passwords. Stronger passwords (preferably ones that are not dictionary words) are harder to crack by several methods, including brute forcing, since brute-force tooling includes word lists built from relevant words.
- Turn off AutoPlay. This protects your computer from malicious executable files on USB sticks or other external memory carriers that are immediately run when inserted into it.
- Disable file sharing – if you do need file sharing on your computer, password-protect it so that an infection is confined to your own machine.
- Switch off any remote services – this can be devastating for business networks since it can cause a lot of damage on a massive scale.
- Disable Flash – if you see a service or a process that is external, not critical to Windows, and is being exploited by hackers (like Flash Player), disable it until there is an update that fixes the exploit.
- Update all software as soon as patches are available – never underestimate the critical security patches for your software and OS.
- Configure your mail server to block and delete emails containing suspicious file attachments.
- Isolate compromised computers – if you have an infected computer on your network, make sure to isolate it immediately by powering it down and disconnecting it from the network manually.
- Turn off infrared ports or Bluetooth – hackers love to use them to exploit devices. In case you use Bluetooth, make sure you monitor all unauthorized devices that ask you to pair with them, and decline and investigate any suspicious ones.
- Back up your data regularly – this is the best tip against any ransomware, really.
- Employ a powerful anti-malware solution to protect yourself from any future threats automatically.
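The Cologne "police" lure described above (a .ZIP carrying a macro-laden Word document) and the tip about having the mail server block suspicious attachments can be combined into a concrete mail-gateway check. The following script is an added example written for this page, not TrendMicro's or any vendor's code: it parses a raw email, walks every attachment (opening nested zip archives up to a fixed depth), and flags directly executable file types, OOXML Office documents that contain a vbaProject.bin part (where VBA macros live), and legacy binary Office files that it cannot inspect. The extension lists, the depth limit, and the sample "notice" message with its placeholder macro bytes are all assumptions constructed for the example.

```python
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser
from pathlib import PurePosixPath

# Assumed policy lists for this example; tune them to your own mail environment.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".hta", ".bat", ".cmd", ".jar"}
OFFICE_EXTENSIONS = {".doc", ".docm", ".dot", ".dotm", ".docx",
                     ".xls", ".xlsm", ".xlsx", ".ppt", ".pptm", ".pptx"}
MAX_DEPTH = 3  # how many nested archives we are willing to open
ZIP_MAGIC = b"PK\x03\x04"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy binary Office (OLE2) header


def office_has_macro(data: bytes) -> bool:
    """OOXML files (.docx/.docm/...) are zip containers; VBA code lives in a vbaProject.bin part."""
    with zipfile.ZipFile(io.BytesIO(data)) as doc:
        return any(PurePosixPath(n).name.lower() == "vbaproject.bin" for n in doc.namelist())


def inspect_blob(name: str, data: bytes, depth: int = 0) -> list[str]:
    """Return the reasons to quarantine this attachment; an empty list means nothing suspicious was found."""
    findings = []
    ext = PurePosixPath(name).suffix.lower()
    if ext in BLOCKED_EXTENSIONS:
        findings.append(f"{name}: directly executable file type {ext}")
        return findings
    is_zip = data.startswith(ZIP_MAGIC)
    if ext in OFFICE_EXTENSIONS:
        if is_zip:
            if office_has_macro(data):
                findings.append(f"{name}: Office document carries a VBA macro project")
        elif data.startswith(OLE_MAGIC):
            # This example does not parse OLE streams, so a legacy .doc/.xls is
            # treated as unverifiable and handed to a human or a sandbox.
            findings.append(f"{name}: legacy binary Office document, macros cannot be ruled out")
        return findings
    if is_zip:
        if depth >= MAX_DEPTH:
            findings.append(f"{name}: archive nested deeper than {MAX_DEPTH} levels")
            return findings
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.infolist():
                if member.is_dir():
                    continue
                findings.extend(inspect_blob(f"{name}/{member.filename}",
                                             archive.read(member), depth + 1))
    return findings


def scan_message(raw: bytes) -> list[str]:
    """Parse an RFC 5322 message and inspect every attachment it carries."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or "unnamed"
        findings.extend(inspect_blob(filename, part.get_payload(decode=True)))
    return findings


def _make_docx(with_macro: bool) -> bytes:
    """Constructed minimal OOXML container; the macro part holds placeholder bytes, not real VBA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            z.writestr("word/vbaProject.bin", b"\x00placeholder bytes, not real VBA")
    return buf.getvalue()


def build_sample_message(with_macro: bool) -> bytes:
    """Constructed sample lure: a zipped Word document attached to a 'notice' email."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Vorladung.docm" if with_macro else "Vorladung.docx", _make_docx(with_macro))
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "recipient@example.invalid"
    msg["Subject"] = "Sample notice (constructed)"
    msg.set_content("Please open the attached document.")
    msg.add_attachment(inner.getvalue(), maintype="application", subtype="zip",
                       filename="notice.zip")
    return bytes(msg)


if __name__ == "__main__":
    for reason in scan_message(build_sample_message(with_macro=True)):
        print("QUARANTINE:", reason)
```

Run as-is it prints one quarantine line for the macro-bearing sample and nothing for the clean variant. The check is deliberately conservative: it cannot tell a benign macro from a downloader, so anything with a VBA project, and any legacy OLE document it cannot open, is handed off rather than delivered, which is the behaviour the attachment-blocking tip above asks for.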