Erich’s “What in the (cyber security) world is going on?” 02-23-17 edition

As usual, things in the cyber social engineering and ransomware world are moving along hot and heavy. W2s are the hot topic for a lot of people right now as they are a hot item with the scammers. Watch yourself and keep your company safe. At least let them know that this is happening.

So, having said that, let’s start the recap!

Trend Micro Ransomware File Decryptor Covers a Decent Number of Strains

While not perfect, this is a nice little tool to have in the toolbox just in case. I haven’t tried it personally, but it is said to decrypt files infected from the list below. Keep in mind there are some issues with certain strains, such as CryptXXX V3 and CERBER, so be sure to read the instructions and notes before proceeding. Hopefully you will never need this, but if you do, good luck.


Phishing attack nabs hospital employees’ W-2 info

Citizens Memorial Hospital got hit with a W2 scam. This is really big this time of year folks. Be careful with sensitive information I have seen a number of orgs, many of them school districts, hit with the W2 scams this year. Protect this info please.


Bingham County Idaho taken down by ransomware

Another County has been taken down by ransomware. The ransom demand here is $25-$30k via Bitcoin or Western union.

“Every department in the county is affected in some way,” “Phone systems, computer systems, everything. Some departments are handwriting documents.”  says Bingham County Commissioner Whitney Manwaring.

The IT staff thought the infection had been cleaned up, but a redundant, backup server was infected again, leading to the county going offline. “We had all kinds of firewalls in place to prevent these kinds of things from happening,” Manwaring told “To prevent this from happening again there will likely be several more firewalls and more training for staff using county computers.” More firewalls? Really? I’m not sure if this was misquoted by the press, or if the County Commish was just not familiar with the terms, but firewalls do very little to stop ransomware. Perhaps they are going to do a better job segmenting the network, and the staff training is a good idea though.


Watch Dogs 2 New DLC Has a Ransomware Storyline

This may be the first time I’ve seen ransomware in a video game. It’s kind of telling as to how mainstream it’s becoming. I can’t speak for the game as I’ve never played it, but the premise of a ransomware fueled story mission is interesting. For those that do play,  it’s supposed to be available March 23rd. Let me know how it is.


Office Inbox Receives 6.2X More Phishing And 4.3X More Malware Than Your Inbox At Home

While this doesn’t mean you should let your guard down at home, it does mean that attacks are focused on organizations more than individuals. Interestingly enough, Companies active in real estate were the most targeted with malware, where  organizations active in Finance, Entertainment and IT were the most targeted by phishing as of Q1 2017.


Names, SSNs and W-2s of current and former employees of Lexington Medical Center lost in data breach

The names, SSNs, and W-2s of current and former employees at Lexington Medical Center are the latest victims of a data breach. They say no patient information was lost and it appears the attack was on the orgs Peoplesoft database. This comes on the heels of a Lexington Co. School District suffering a breach in January where, once again, W2’s were lost.


Things are picking up on my Kippo server

I’ve been playing around with MHN (Modern Honey Network) and some honeypots this week. I appear to have got Kippo running OK on my home network and just bought a server at (for $17.50 to own it forever, it was a no-brainer) where I will add another node. I just knocked out a snort instance on the Kippo box and will wait to see if it reports. I find it fascinating how quickly things get scanned. If you have any tips or tricks for MHN or honeypots in general, let me know please.


Have a great week and stay safe out there!





Erich Kron is the Security Awareness Advocate at KnowBe4, and has over 20 years’ experience in the medical, aerospace manufacturing and defense fields. He is the former security manager for the US Army 2nd Regional Cyber Center-Western Hemisphere.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.