Light Dark
February 10, 2020 By David Bisson 3 min read

Last week in security news, security researchers spotted the Mailto ransomware targeting enterprise networks and encrypting their connected Windows devices. Speaking of ransomware, the EKANS family attracted the security community’s attention for its ability to stop ICS-related processes. Additionally, a security researcher found a vulnerability in the WhatsApp desktop app that could have allowed malicious actors to remotely access files on a local computer.

Top Story of the Week: Mailto Ransomware Sets Its Sights on Enterprise Networks

In August 2019, ID Ransomware spotted a new ransomware family appending the “Mailto” extension to the files that it had successfully encrypted. Fast forward to February 2020, when an Australian transportation and logistics company revealed that the same ransomware had encrypted its network. This security incident was the first public indication that Mailto (or Netwalker) ransomware had begun going after enterprise networks.

Bleeping Computer analyzed a recent Mailto sample and found that its executable attempted to impersonate the “Sticky Password” software. This analysis also revealed that the sample had arrived with a configuration that was more sophisticated and granular than those employed by other ransomware families.

Source: iStock

Also in Security News

  • Diabetic Patients Targeted by Android Malware: FortiGuard Labs spotted a new form of Android malware called “Android/FakePlayer.X!tr” back in September 2019. The malware masqueraded as an Android app that provided users with information about diabetes, but in actuality, it leveraged a Trojan dialer to send SMS messages to users presumably in an effort to steal funds from its victims.
  • Financial Institutions Caught in Metamorfo’s Crosshairs: Researchers at FortiGuard Labs spotted two different variants of Metamorfo, a malware family known for targeting online customers of financial institutions. The first targeted only the customers of Brazilian financial organizations, while the second targeted customers of institutions located in multiple countries.
  • Flaw in WhatsApp Desktop App Allowed Attackers to Access Local Files: Security researcher Gal Weizman of PerimeterX uncovered a vulnerability (CVE-2019-18426) that enabled a malicious actor to perform cross-site scripting attacks and read local files. The flaw, which affected WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10, required users to click on a link preview from a specially crafted text message.
  • Phishing Campaign Delivered Versatile Anubis Malware to Android Users: Cofense spotted a phishing campaign that preyed on Android devices that permitted the installation of unsigned Android applications. The campaign ultimately delivered Anubis, a banking Trojan that is also capable of hijacking infected devices, encrypting a victim’s files and holding that data for ransom.
  • ICS-Related Process Appeared on EKANS Ransomware’s Kill List: Researchers at Dragos spotted a sample of EKANS ransomware using a hardcoded “kill” list to terminate several processes associated with organizations’ industrial control systems (ICS). If executed on the right type of system, such functionality could disrupt the view condition of the network.
  • Malicious Android Apps Used for Downloading Malware, Performing Ad Fraud: Researchers at Trend Micro discovered several malicious optimizer, booster and utility apps that could perform ad fraud and download as many as 3,000 malware variants and payloads onto an infected Android device. At the time of writing, the apps were no longer available on the Google Play store.
  • Phishing Campaign Targeting Financial Services Organizations Delivered MINEBRIDGE: In January 2020, FireEye began tracking a phishing campaign targeting financial services organizations primarily located in the U.S. That campaign used carefully crafted phishing documents to download and deploy the MINEBRIDGE backdoor.

Security Tip of the Week: Minimize the Damage of a Ransomware Infection

Security personnel can help their organizations minimize the impact of a ransomware infection by implementing a data backup strategy and regularly testing those backups. They should perform these backups as part of a layered defense strategy that includes anti-virus solutions and security awareness training.

 |  |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

November 15, 2024

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

November 14, 2024

Autonomous security for cloud in AWS: Harnessing the power of AI for a secure future

3 min read - As the digital world evolves, businesses increasingly rely on cloud solutions to store data, run operations and manage applications. However, with this growth comes the challenge of ensuring that cloud environments remain secure and compliant with ever-changing regulations. This is where the idea of autonomous security for cloud (ASC) comes into play.Security and compliance aren't just technical buzzwords; they are crucial for businesses of all sizes. With data breaches and cyber threats on the rise, having systems that ensure your…

November 13, 2024

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

4 min read - Nation-state adversaries are changing their approach, pivoting from data destruction to prioritizing stealth and espionage. According to the Microsoft 2023 Digital Defense Report, "nation-state attackers are increasing their investments and launching more sophisticated cyberattacks to evade detection and achieve strategic priorities."These actors pose a critical threat to United States infrastructure and protected data, and compromising either resource could put citizens at risk.Thankfully, there's an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature