Olympic-Themed Attack Deleting Critical Documents

Sales Pitch Summary

CPOC News Playlist with all the latest news from the Cyber Protection Operation Center. Spend just 10 minutes to get equipped for the next partner call!

1. Attackers are using email to deliver a malicious wiper that is designed to delete documents, using the lure of providing information about cyberattacks related to the 2020 Tokyo Olympics. Acronis Cyber Protect includes a simple backup solution to restore deleted files, while also proactively stopping this wiper, and other malware, with its AI and behavioral detection engines.

2. MosaicLoader malware is currently being distributed through paid web advertisements. Acronis Cyber Protect blocks the URL access to the malicious site and blocks any payload which might be downloaded.

3. Research released recently indicates that, despite Emotet being thwarted, the use of Microsoft Office documents to deliver malware is growing. The share of malware delivered via malicious Office documents has risen from 20% to 43%. Acronis Cyber Protect’s Advanced Email Security recognizes malicious attachments and keeps them out of your inbox.

4. LockBit’s latest ransomware is now automating its encryption of a Windows domain using Active Directory group policies. LockBit typically ransoms victims for $85,000 and recently made news when they hit the UK’s Merseyrail. Acronis Cyber Protect’s Active Protection recognizes these newest malicious behaviors and stops them.

5. Malware groups are constantly changing. We have recently seen Emotet and the Darkside ransomware group famously taken down, while Avaddon, DoppelPaymer, and REvil appeared to bow out. Now three new ransomware gangs have appeared, but they may just be rebrandings of past gangs. Whether new, rebranded, or existing, ransomware is no match for the Active Protection included in Acronis Cyber Protect, which recognizes the behaviors of ransomware and stops it before your data is put at risk.

Video link to the Cyber Protection Operation Center update on this topic

In keeping with the theme of using current events as a lure for victims to interact with malicious files, a new campaign is using the Olympics to trick victims into running a piece of malware that deletes their files.

The wiper, delivered through malicious emails, targets Microsoft Office files, as well as files created with the Ichitaro Japanese word processor, and TXT, CSV, and LOG files, which often contain passwords, databases, and logs.

The malicious file is an EXE file disguised to look like a PDF, titled “[Urgent] Damage report regarding the occurrence of cyberattacks, etc. associated with the Tokyo Olympics.exe”. The file also reaches out to the adult video site XVideos, in what is presumed to be an attempt to convince investigators that the infection came from malware downloaded from porn sites.

• Acronis Cyber Protect detects malware like this wiper with its multi-layered detection engines, including AI-powered and behavioral detection, stopping it before your data is lost. The included local and cloud backup solutions also allow for fast recovery of deleted data on unprotected systems.
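As an added example (not code from the original post or from Acronis), the Python check below applies the mail-attachment reasoning described here to a handful of constructed attachments: it flags a file when its bytes are a Windows executable, when its name carries a double extension or a document-like name with an executable extension, or when the extension claims a document format whose file header the bytes lack. Only the lure filename comes from the page; the attachment bytes, the other filenames and the `classify_attachment` / `scan_all` names are constructed for the example.

```python
"""Flag e-mail attachments whose content contradicts the document type
their name suggests (an EXE presented as a PDF, as in the Olympics lure).
Added example; not Acronis code. All sample bytes are constructed stubs."""
import os
from dataclasses import dataclass, field

# File headers (magic bytes) a reader should expect for common document types.
# Plain-text types have no header, so they get an empty tuple and are not checked.
DOCUMENT_MAGIC = {
    ".pdf": (b"%PDF-",),
    ".docx": (b"PK\x03\x04",),
    ".xlsx": (b"PK\x03\x04",),
    ".pptx": (b"PK\x03\x04",),
    ".doc": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    ".xls": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    ".ppt": (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",),
    ".txt": (),
    ".csv": (),
    ".log": (),
}
PE_MAGIC = b"MZ"  # DOS/PE header every Windows executable starts with
EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}
# Words that make a filename read like a document; a constructed, illustrative list
DOCUMENT_WORDS = ("report", "invoice", "damage", "statement", "notice")


@dataclass
class Verdict:
    filename: str
    flagged: bool
    reasons: list = field(default_factory=list)


def classify_attachment(filename: str, data: bytes) -> Verdict:
    """Return a Verdict with one reason per masquerade indicator found."""
    reasons = []
    name = filename.lower()
    root, ext = os.path.splitext(name)

    # 1. Executable content, whatever the name claims
    if data.startswith(PE_MAGIC):
        reasons.append("content is a Windows executable (MZ header)")

    # 2. Name tricks: "notes.pdf.exe" or "Damage report ... .exe"
    if ext in EXEC_EXTS:
        inner_ext = os.path.splitext(root)[1]
        if inner_ext in DOCUMENT_MAGIC:
            reasons.append(f"double extension {inner_ext}{ext}")
        if any(word in root for word in DOCUMENT_WORDS):
            reasons.append("document-like name with executable extension")

    # 3. Extension claims a document format but the bytes lack its header
    expected = DOCUMENT_MAGIC.get(ext)
    if expected and not any(data.startswith(m) for m in expected):
        reasons.append(f"{ext} extension but content lacks the expected header")

    return Verdict(filename, bool(reasons), reasons)


# Constructed sample attachments. The first name is the lure from the campaign
# above; its bytes are a harmless stub, not the real wiper.
SAMPLES = {
    "[Urgent] Damage report regarding the occurrence of cyberattacks, etc. "
    "associated with the Tokyo Olympics.exe": b"MZ\x90\x00" + b"\x00" * 60,
    "quarterly_report.pdf": b"%PDF-1.7\n%constructed stub\n",
    "notes.pdf.exe": b"MZ\x90\x00",
    "budget.xlsx": b"PK\x03\x04" + b"\x00" * 26,
    "renamed_binary.docx": b"MZ\x90\x00",
    "readme.txt": b"plain text, nothing to check\n",
}


def scan_all(samples=SAMPLES):
    """Classify every sample; returns {filename: Verdict}."""
    return {name: classify_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for verdict in scan_all().values():
        status = "FLAGGED" if verdict.flagged else "clean"
        print(f"{status:8} {verdict.filename[:60]}")
        for reason in verdict.reasons:
            print(f"         - {reason}")
```

The header check is what catches a renamed binary even when the name is inconspicuous; the name checks catch the lure pattern when a gateway only sees metadata. Neither replaces a real scanner, but both are cheap to run on every inbound attachment.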

Video link to the Cyber Protection Operation Center update on this topic

LockBit’s latest ransomware is now automating its encryption of a Windows domain using Active Directory group policies.

LockBit typically ransoms victims for $85,000 and recently made news when they hit the UK’s Merseyrail. LockBit generously shares 70-80% of ransom payments with their recruited affiliates.

• In a recent announcement, the group released a new features list that included the ability to easily and automatically disable Microsoft Defender then execute ransomware on an entire network. The group is also borrowing Egregor’s “print bomb” trick that continually prints ransom notes from all networked printers.

• While ransomware gangs are always adding new tools to their arsenal, these behaviors are easily stopped. Acronis Cyber Protect’s Active Protection recognizes these malicious behaviors and stops them.

Video link to the Cyber Protection Operation Center update on this topic

• Attackers are serving paid advertisements leading to MosaicLoader when users search for pirated software. The cyber criminals go to great lengths to mimic legitimate software.

• The initial malware can be used to install further payloads on the system through a complex multi-stage process. It is known to install cryptocurrency mining trojans and info stealer threats.

• Infections have occurred across the globe and Acronis Cyber Protect has already protected more than 50 customers in the first few days.

• Acronis Cyber Protect uses URL Filtering to block the URL access to the malicious site and blocks any payload which might be downloaded with its included AI-based and behavioral detection engines.

Video link to the Cyber Protection Operation Center update on this topic

• There has been a lot of pressure on malware operators over the past year. Emotet and DarkSide were taken down by joint task forces, the pressure seemed to become too much for Avaddon, which released 2,934 decryption keys, and both DoppelPaymer and REvil mysteriously went dark.

• In the past couple of weeks, three “new” ransomware gangs have taken the spotlight, but they share some striking similarities to the gangs of the past. Haron, BlackMatter, and Grief have come onto the scene, with Grief already showing activity in their attack on the German district of Anhalt Bitterfeld, and another attack on St. Clair County in the U.S. state of Illinois.

• Recent reports by cybersecurity experts indicate that each of these new groups may have ties to one that has recently shut down. It is suspected that DoppelPaymer may have rebranded as Grief, while Haron shares some similarities with Avaddon and BlackMatter bears a striking resemblance to DarkSide – with a touch of REvil.

• Whether it is existing, new, or rebranded, ransomware is no match for the Active Protection included in Acronis Cyber Protect, which recognizes the common behaviors of ransomware and stops it before your data is put at risk.

Video link to the Cyber Protection Operation Center update on this topic

• New research released recently indicates that, despite Emotet being thwarted, the use of Office documents to deliver malware is growing.

• At the beginning of 2020, 20% of malware was delivered via malicious Office documents. Now, that share has risen to 43%.

• While Emotet led the way with delivering infected documents to spread more malware, other groups have taken note of its success and continued the trend.

• Overall, email continues to be a leading vector for distributing malware including the type this new research highlights. Acronis Cyber Protect’s Advanced Email Security recognizes malicious attachments and keeps them out of your inbox.
