February 10, 2020 By David Bisson 3 min read

Last week in security news, security researchers spotted the Mailto ransomware targeting enterprise networks and encrypting their connected Windows devices. Speaking of ransomware, the EKANS family attracted the security community’s attention for its ability to stop ICS-related processes. Additionally, a security researcher found a vulnerability in the WhatsApp desktop app that could have allowed malicious actors to remotely access files on a local computer.

Top Story of the Week: Mailto Ransomware Sets Its Sights on Enterprise Networks

In August 2019, ID Ransomware spotted a new ransomware family appending the “Mailto” extension to the files that it had successfully encrypted. Fast forward to February 2020, when an Australian transportation and logistics company revealed that the same ransomware had encrypted its network. This security incident was the first public indication that Mailto (or Netwalker) ransomware had begun going after enterprise networks.

Bleeping Computer analyzed a recent Mailto sample and found that its executable attempted to impersonate the “Sticky Password” software. This analysis also revealed that the sample had arrived with a configuration that was more sophisticated and granular than those employed by other ransomware families.

Source: iStock

Also in Security News

  • Diabetic Patients Targeted by Android Malware: FortiGuard Labs spotted a new form of Android malware called “Android/FakePlayer.X!tr” back in September 2019. The malware masqueraded as an Android app that provided users with information about diabetes, but in actuality, it leveraged a Trojan dialer to send SMS messages to users presumably in an effort to steal funds from its victims.
  • Financial Institutions Caught in Metamorfo’s Crosshairs: Researchers at FortiGuard Labs spotted two different variants of Metamorfo, a malware family known for targeting online customers of financial institutions. The first targeted only the customers of Brazilian financial organizations, while the second targeted customers of institutions located in multiple countries.
  • Flaw in WhatsApp Desktop App Allowed Attackers to Access Local Files: Security researcher Gal Weizman of PerimeterX uncovered a vulnerability (CVE-2019-18426) that enabled a malicious actor to perform cross-site scripting attacks and read local files. The flaw, which affected WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10, required users to click on a link preview from a specially crafted text message.
  • Phishing Campaign Delivered Versatile Anubis Malware to Android Users: Cofense spotted a phishing campaign that preyed on Android devices that permitted the installation of unsigned Android applications. The campaign ultimately delivered Anubis, a banking Trojan that is also capable of hijacking infected devices, encrypting a victim’s files and holding that data for ransom.
  • ICS-Related Process Appeared on EKANS Ransomware’s Kill List: Researchers at Dragos spotted a sample of EKANS ransomware using a hardcoded “kill” list to terminate several processes associated with organizations’ industrial control systems (ICS). If executed on the right type of system, such functionality could disrupt the view condition of the network.
  • Malicious Android Apps Used for Downloading Malware, Performing Ad Fraud: Researchers at Trend Micro discovered several malicious optimizer, booster and utility apps that could perform ad fraud and download as many as 3,000 malware variants and payloads onto an infected Android device. At the time of writing, the apps were no longer available on the Google Play store.
  • Phishing Campaign Targeting Financial Services Organizations Delivered MINEBRIDGE: In January 2020, FireEye began tracking a phishing campaign targeting financial services organizations primarily located in the U.S. That campaign used carefully crafted phishing documents to download and deploy the MINEBRIDGE backdoor.

Security Tip of the Week: Minimize the Damage of a Ransomware Infection

Security personnel can help their organizations minimize the impact of a ransomware infection by implementing a data backup strategy and regularly testing those backups. They should perform these backups as part of a layered defense strategy that includes anti-virus solutions and security awareness training.

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today