Ransomware note comes in French, ransomware from a resume hits a brewery and beware of remote access control software.
Welcome to Cyber Security Today. It’s Monday September 24th.
How’s your French? I ask because one of the latest ransomware attacks makes its threat message pop up on a victim’s computer in French after the malware has encrypted the hard drive. It’s been seen in the U.S., according to Trend Micro researchers. They call this strain of ransomware Virobot, because in addition to scrambling your data, the malware takes over your computer and makes it part of a botnet for sending spam. It does that by looking for Microsoft Outlook on the infected computer, then automatically emailing malware to everyone on the contact list. Fortunately, for the moment, Virobot has been neutered because the command and control server it gets instructions from has been taken down. Trend Micro doesn’t explain who did that.
More on ransomware: A newspaper in Scotland reports a small brewery called Arran was victimized when a staff member clicked on a resume attached to an email. The company’s anti-virus software didn’t detect the malware before it began its work. A security expert had to be called in, and was able to restore part of their computer system. But three months of data may be lost. The back story to this is interesting: The brewery was advertising for a job opening in the finance department, so naturally staff were expecting to get resumes by email from people in the U.K. Apparently attackers managed to post the ad on international job sites, resulting in dozens of applications. At least one was malicious. It’s tough when an organization is expecting email with attachments, like resumes. But perhaps it’s time HR departments realized that’s risky. Instead they should be willing to accept resumes that are included inline, as part of an email. If they need more detail, follow up. No more attachments.
Finally, remote access software gives someone the ability to log in and look at a computing device when they can’t physically get to it. Your company’s IT department may have the ability to remotely connect to office computers. But the use of remote access software has to be carefully watched. Consumers should make sure this kind of tool hasn’t been quietly installed on their computers by malware, giving attackers secret access to their PC. And as a report issued last week by Kaspersky shows, the same thing is true for industrial computers and devices. Companies can have thousands of Internet-connected industrial devices running machines, valves and the like. And an easy way to monitor them is with remote access software. One big problem – just like on regular PCs – is password control. Companies have to make sure the use of remote access software is limited to only a few people. And they should have to use multifactor authentication, not just a simple password. First, of course, companies have to do what you should be doing at home – inventory what software is on every machine. Does it really need remote access software? If so, ask if that software is protected with tough password control.
That’s it for Cyber Security Today. Subscribe on Apple Podcasts, Google Play, or add us to your Alexa Flash Briefing. Thanks for listening. I’m Howard Solomon.