ALERT: WannaCry ransomware hits 150 countries with over 200,000 victims in only 3 days. The attack crawls for open vulnerabilities in Windows OS. Typically, ransomware like most Phishing attacks use a blended approach of email and web as attack vectors.

Please be sure to: (a) update your Windows OS right away, (b) make sure you have and are using current versions of both email and web security systems, and (c) archive your emails and files to ensure back up and recovery.

Criminal hackers are constantly trying to trick people into clicking on links or open attachments they did not ask for. Their new “scam of the week” is to send you an email that looks like it comes from WhatsApp and claims it is a voice mail left for you. It’s not.

Do not click on the “Play” button. If you do, your computer will get infected with malware which can cause your identity to get stolen, or all your (or the organization’s) files held for ransom.

Here is a general safety rule: Instead of clicking a link in an unverified email claiming it’s from WhatsApp (or any other social media) log in to your WhatsApp account the standard way instead and check for any messages there. Remember: “When in doubt, throw it out!”

“There is a new spin on an existing phishing scam you need to be aware of. Bad guys are doing research on you personally using social media and find out where and when you (might) travel for business. Next, they craft an email especially for you with an airline reservation or receipt that looks just like the real thing, sent with a spoofed “From” email address that also looks legit.

“Sometimes, they even have links in this email that go to a website that looks identical to the real airline, but it is fake. They try to do two things: 1) try to steal your company username and password, and 2) try to trick you into opening the attachment which could be a PDF or DOCX. If you click on the link or open the attachment, your workstation will possibly get infected with malware that allows the bad guys to hack into our network.

Remember, if you want to check any airline reservations or flight status, open your browser and type the website name in the address bar or use a bookmark that you yourself set earlier. Do not click on links in emails to go to websites. And as always…. Think before You Click!”

• Infection vector is email attachment with HTA file
• Spora exhibits worm-like behavior using .LNK files
• Anyone bringing a USB stick to the office is now a possible ransomware infection vector.

Read the entire article at KnowBe4

A new article published today by KrebsonSecurity about the hacking of the San Francisco rail system re-confirms that foreign hackers use ransomware to extort money from U.S. businesses. The hacker in the Krebs article has been extorting money from different companies in the amounts of tens or hundred of thousands of dollars. Read the entire article on KrebsonSecurity.com

Sometimes we may think that, my company is not big enough to catch a hacker’s interest. Wrong. No company is too small or too big for a hacker to extort money from. As the hacking impact may be different for each company, it is interfering with the business operations. It is important that additional security measures are taken to accessing company database and files. Additionally, if you received a ransom request after an attacked, report it immediately to the FBI. Each reporting can be used to identifying the bad guys.

On September 15, FBI published a new Public Service Announcement urging victims of ransomware to report the attacks to the them. Every ransomware report helps the FBI “gain a more comprehensive view of the current threat and its impact on U.S. victims”.

Ransomware creators are currently targeting businesses, not only individuals, causing service disruptions, financial loss, and in some cases, permanent loss of valuable data. In the first months of 2016, FBI reports that the “global ransomware infections were at an all-time high”, estimating 100,000 computers a day being compromised by one ransomware variant. However, an exact number of individual or business victims cannot accurately be identified because many of the ransomware attacks go unreported.

“All ransomware variants pose a threat to individual users and businesses. Recent variants have targeted and compromised vulnerable business servers (rather than individual users) to identify and target hosts, thereby multiplying the number of potential infected servers and devices on a network.”

CONTINUE READING at: https://www.ic3.gov/media/2016/160915.aspx