Illinois: (312) 533-4033
Pennsylvania: (814) 333-3117

Indiana: (765) 395-7240
Wisconsin: (262) 686-5070
Ohio: (440) 797-1090

It’s Phishing Season Once Again for Cybercriminals

Over the last few years, cybercriminals had moved away from email scams and onto accessing remote ports to deliver their ransomware payloads. According to recent research, however, phishing has seen a small comeback in 2020, and experts believe it could lead to the large ransomware campaigns that plagued machines in 2018.

There are a number of ransomware families as first-stage payloads, including Avaddon, Buran, Darkgate, Philadelphia, Mr. Robot and Ranion. Each of these ransomware families encrypts the victim’s files and holds them ransom for patent.

The daily volumes ranged from one to as many as 350,000 messages in each campaign, and over 1 million messages between June 4 through 10 of this year featured Avaddon alone.

Proofpoint – the research company identifying this trend – offers some tips to look out for some of these ransomware families:

  •  Avaddon – Recent Avaddon messages feature subject lines like, “Do you know him?”, “Our old picture,” “Photo for you”, “Do you like my photo?”, “Is this you?” Once opened, the included attachment downloads Avaddon using Powershell, and the message demands $800 in bitcoin via TOR for decryption of the victim’s files.
  • Mr. Robot – This ransomware relied on panic surrounding COVID-19 to persuade victims to click. Between May 19 and June 1, these campaigns target entertainment, manufacturing and construction businesses in the United States. Recipients of these campaigns received messages claiming to be from the Department of Health or something similar, and included subject lines like “Your COVID19 results are ready.” These scammers demanded a $100 ransom.
  • Philadelphia – After three years of hibernation, this ransomware has returned to target manufacturing and food and beverage companies in Germany with German-language lures. The message claims to come from “Federal Germany Government” and uses the insignia of the Federal Republic of German, along with German text that translates to “The decision to close your company due to COVID-19.”

The best prevention is to ensure you have the proper security solutions in place and that you partner with an IT Consulting firm that has your back, all the time. 2W Tech is a technology service provider that specializes in manufacturing solutions. Security is one of our areas of expertise, so give a call today to learn more.

Read More:

Data Analytics Offers Much Needed Confirmation

It’s Time for a Midyear Internal IT Audit