When was the last time you received an email with an attachment from a stranger? Did you open it? A new phishing campaign rocketed around the world this week, and it wasn’t the only attack on personal data. Evolutions in old ransomware variants and innovative new ones were also looking for weaknesses in your data protection plans. Find out what’s next for your data in this week’s tech roundup.
Cerber ransomware adds devious new features
Cerber ransomware is back with version 6, and the newest update comes with a host of dangerous new features, Bleeping Computer reports. These include new distribution vectors, an updated encryption routine, anti-sandboxing and anti-AV defensive features.
The latest version was first found at the end of March, and came just a few months after Cerber 4 and Cerber 5. Each of those releases brought its own round of changes as well.
This Cerber ransomware variant still attacks its victims the same way previous versions did, using massive spam campaigns to target users. Most of these emails contain infected ZIP files, while others use self-extracting archives to execute a complex attack chain.
It has also gotten much harder for security researchers to identify these infections, as recent updates have introduced a delay from the time of introduction to the time of infection.
The biggest update to this Cerber ransomware, however, is an advanced encryption method that uses Microsoft’s Cryptographic Application Programming Interface.
Cerber isn’t a new threat, but its recent upgrades have made it the most popular ransomware variant in the world among cybercriminals. Reinforce your defenses against this surging threat: upgrade your backup solution to one with active anti-ransomware features today.
Ransomware changes ransom demand depending on prosperity of the country
A new ransomware variant called Fatboy is changing the way ransomware-as-a-service offerings demand payment, according to ZDNet. Fatboy first emerged on the scene in March, and it is quickly gaining support and traction.
Fatboy adjusts its ransom demand according to where the victim lives. If the country of the victim’s residence is more prosperous, the ransom request will be higher, and vice versa. This adjustable payment scheme works to ensure that the maximum amount of ransom is received after each infection.
The creator of this ransomware took the idea from The Economist’s Big Mac Index, it seems. This index compares the cost of a Big Mac across the world.
Victims of a Fatboy attack have four days after their data has been encrypted to pay the calculated ransom and get their files back. This innovative ransomware has made its creator more than $5,000 since it first hit the market a month ago.
IBM ships infected USB drives to customers
IBM customers, beware: the company accidentally sent out USB drives infected with malware.
According to Tech Republic, these infected drives contain an initialization tool for IBM's Storwize systems. Customers who received USB flash drives with the part number 01AC585 are urged to either destroy the drive or follow the instructions outlined in a support advisory post to fix it.
The flash drives come with the following Storwize systems:
- IBM Storwize V3500 - 2071 models 02A and 10A
- IBM Storwize V3700 - 2072 models 12C, 24C, and 2DC
- IBM Storwize V5000 - 2077 models 12C and 24C
- IBM Storwize V5000 - 2078 models 12C and 24C
When these infected drives are used, the initialization tool makes a copy of itself in a temporary desktop folder. The malicious code is then copied there as well, where it lies in wait.
Users who have already inserted these USB drives and run initialization should run an antivirus scan and check that their backups are up-to-date.
This isn’t the first time IBM has distributed infected drives, and given the ease with which this malware can get onto your device, it’s important that your data protection is comprehensive and complete.
One million Gmail users fall victim to phishing attack
A recent Google Docs phishing scam affected one million Gmail users around the world, according to Threatpost.
Google was quick to respond to the attack, disabling malicious accounts as well as removing fake pages and dangerous applications. Security measures were also released via updates to Gmail, Safe Browsing, and Google’s in-house systems.
An hour after the attack was first noticed, Google had effectively stopped the campaign, but not before the attackers had stolen contact information from up to a million users. The rapid spread was attributable to the malware’s worm capabilities: each victim’s contact list was accessed and used to initiate a new round of attacks.
The attack, which began on Wednesday, bypassed all email security checks utilized by Gmail. Its rapid dissemination before Google’s countermeasures took effect highlights the importance of user awareness of security and data protection best practices.
“From a user education perspective, it is important to emphasize the danger of sharing access with third-party applications, and to be sensitive if an application needs all the privileges it asks for. This is also often abused for user profiling and monitoring (e.g. Facebook applications almost always try to get a list of your friends),” said Head of Research at SANS Institute Johannes Ullrich.
The U.N. is using blockchain to end world hunger
It’s becoming increasingly apparent that there are more uses for blockchain technology than just cryptocurrency, and the United Nations is ready to put this technology to the test.
Last week, the U.N. launched its first large-scale blockchain trial in Jordan to put a stop to world hunger. Blockchain will be used to track cryptographic coupons that will be distributed to five refugee camps, according to the International Business Times.
This project will initially distribute these blockchain-backed funds to 10,000 people in Jordan suffering from hunger. If successful, the project will expand and become available to the entire refugee population in Jordan by next year.
“The iris scan payment system has been extremely successful, and we are thrilled that [the World Food Program] and its partners are now able to serve Syrian refugees living in Jordan’s largest camp through this innovative system,” said WFP country director Mageed Yahia.
This initiative comes a year after blockchain was first used for a similar purpose in Pakistan. This blockchain pilot project was called Building Blocks.
The United Nations hopes that blockchain can answer the question of accountability for income and resources lost by humanitarian organizations. By tracking where this money and these resources go, more people will benefit from the aid.