So, yeah… I’ve been away for a bit. Been a pretty crazy last few weeks with a lot of traveling and some illness tossed in for good measure. Hanging out in “germ tubes” (some people call them airplanes) may have caught up with me, but things have not stood still, so let’s get started…
There was this election thingy.
Some folks are too happy, some are too sad; I for one am thrilled that the TV commercials are done. I spent about a week peeking into Facebook and leaving quickly to avoid the drama. It’s dropped off a bit (for me, it seems) but there is still a lot of emotion going on. What does that mean? Phishing emails.
Any time there is an emotional or controversial event, expect that the bad guys are going to try to capitalize on it, and be careful what you click on. In addition, light has been shed on a number of fake news stories and other clickbait. Do your part to remain calm when you read something and make sure clicks are taking you where you want to go.
I’m already seeing a number of reports of Black Friday themed phishing emails going around. Be careful: if it looks too good to be true, it still might be, even with Black Friday going on. Hover over the links and look at the reply addresses.
Crysis decryption keys posted
And in some good news, it looks like these folks have taken their ball and gone home. If you were hit by Crysis ransomware, check out BleepingComputer for a possible key. There is more on this in the KnowBe4 blog post today.
Madison County Indiana had a crappy week
The folks in Madison County, Indiana had a pretty lousy time when they got hit by ransomware and were down for about a week. It only impacted little things like, you know, the jail and stuff. Here are a couple of my favorite quotes from the stories I saw:
Lisa Cannon, director of the county’s IT department, said the county will make sure the system is secure before new data is placed in the system. “We’re in the process of adding a backup system,” she said.
“…both first responders and civic officials are logging all calls for service by hand. Anderson Police, the Madison County Jail and the county court systems are locked out.”
“On the sheriff’s office side, we cannot book people into jail using the computers. We are using pencil and paper like the old days.”
I’m thinking they should train their users as well.
New strain uses Social Media profile of victim
The folks at Proofpoint found a new variant of a browser locker called Ransoc that uses social media information to add credibility to a totally BS extortion attempt. According to multiple FBI Special Agents I have done presentations with, they will never notify you that you should pay a fine like this. They prefer the old knock on the door and show a badge method. Besides that little detail, I do like the ol’ “All money will be refunded to you if you are not caught again within 180 days.” touch. Nice try.
That’s about all I have for today. Take care and be safe.
Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.