Light Dark
February 10, 2020 By David Bisson 3 min read

Last week in security news, security researchers spotted the Mailto ransomware targeting enterprise networks and encrypting their connected Windows devices. Speaking of ransomware, the EKANS family attracted the security community’s attention for its ability to stop ICS-related processes. Additionally, a security researcher found a vulnerability in the WhatsApp desktop app that could have allowed malicious actors to remotely access files on a local computer.

Top Story of the Week: Mailto Ransomware Sets Its Sights on Enterprise Networks

In August 2019, ID Ransomware spotted a new ransomware family appending the “Mailto” extension to the files that it had successfully encrypted. Fast forward to February 2020, when an Australian transportation and logistics company revealed that the same ransomware had encrypted its network. This security incident was the first public indication that Mailto (or Netwalker) ransomware had begun going after enterprise networks.

Bleeping Computer analyzed a recent Mailto sample and found that its executable attempted to impersonate the “Sticky Password” software. This analysis also revealed that the sample had arrived with a configuration that was more sophisticated and granular than those employed by other ransomware families.

Source: iStock

Also in Security News

  • Diabetic Patients Targeted by Android Malware: FortiGuard Labs spotted a new form of Android malware called “Android/FakePlayer.X!tr” back in September 2019. The malware masqueraded as an Android app that provided users with information about diabetes, but in actuality, it leveraged a Trojan dialer to send SMS messages to users presumably in an effort to steal funds from its victims.
  • Financial Institutions Caught in Metamorfo’s Crosshairs: Researchers at FortiGuard Labs spotted two different variants of Metamorfo, a malware family known for targeting online customers of financial institutions. The first targeted only the customers of Brazilian financial organizations, while the second targeted customers of institutions located in multiple countries.
  • Flaw in WhatsApp Desktop App Allowed Attackers to Access Local Files: Security researcher Gal Weizman of PerimeterX uncovered a vulnerability (CVE-2019-18426) that enabled a malicious actor to perform cross-site scripting attacks and read local files. The flaw, which affected WhatsApp Desktop versions prior to 0.3.9309 when paired with WhatsApp for iPhone versions prior to 2.20.10, required users to click on a link preview from a specially crafted text message.
  • Phishing Campaign Delivered Versatile Anubis Malware to Android Users: Cofense spotted a phishing campaign that preyed on Android devices that permitted the installation of unsigned Android applications. The campaign ultimately delivered Anubis, a banking Trojan that is also capable of hijacking infected devices, encrypting a victim’s files and holding that data for ransom.
  • ICS-Related Process Appeared on EKANS Ransomware’s Kill List: Researchers at Dragos spotted a sample of EKANS ransomware using a hardcoded “kill” list to terminate several processes associated with organizations’ industrial control systems (ICS). If executed on the right type of system, such functionality could disrupt the view condition of the network.
  • Malicious Android Apps Used for Downloading Malware, Performing Ad Fraud: Researchers at Trend Micro discovered several malicious optimizer, booster and utility apps that could perform ad fraud and download as many as 3,000 malware variants and payloads onto an infected Android device. At the time of writing, the apps were no longer available on the Google Play store.
  • Phishing Campaign Targeting Financial Services Organizations Delivered MINEBRIDGE: In January 2020, FireEye began tracking a phishing campaign targeting financial services organizations primarily located in the U.S. That campaign used carefully crafted phishing documents to download and deploy the MINEBRIDGE backdoor.

Security Tip of the Week: Minimize the Damage of a Ransomware Infection

Security personnel can help their organizations minimize the impact of a ransomware infection by implementing a data backup strategy and regularly testing those backups. They should perform these backups as part of a layered defense strategy that includes anti-virus solutions and security awareness training.

 |  |  |  |  |  |  |  |  |  |  |  | 
David Bisson
Contributing Editor

More from

April 23, 2024

Passwords, passkeys and familiarity bias

5 min read - As passkey (passwordless authentication) adoption proceeds, misconceptions abound. There appears to be a widespread impression that passkeys may be more convenient and less secure than passwords. The reality is that they are both more secure and more convenient — possibly a first in cybersecurity.Most of us could be forgiven for not realizing passwordless authentication is more secure than passwords. Thinking back to the first couple of use cases I was exposed to — a phone operating system (OS) and a…

April 22, 2024

DOD establishes Office of the Assistant Secretary of Defense for Cyber Policy

2 min read - The federal government recently took a new step toward prioritizing cybersecurity and demonstrating its commitment to reducing risk. On March 20, 2024, the Pentagon formally established the new Office of the Assistant Secretary of Defense for Cyber Policy to supervise cyber policy for the Department of Defense. The next day, President Joe Biden announced Michael Sulmeyer as his nominee for the role.“In standing up this office, the Department is giving cyber the focus and attention that Congress intended,” said Acting…

April 18, 2024

Unpacking the NIST cybersecurity framework 2.0

4 min read - The NIST cybersecurity framework (CSF) helps organizations improve risk management using common language that focuses on business drivers to enhance cybersecurity.NIST CSF 1.0 was released in February 2014, and version 1.1 in April 2018. In February 2024, NIST released its newest CSF iteration: 2.0. The journey to CSF 2.0 began with a request for information (RFI) in February 2022. Over the next two years, NIST engaged the cybersecurity community through analysis, workshops, comments and draft revision to refine existing standards…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature