New Ransomware Scam Using Your Own Printer to Dupe You

Category: Security  |  Friday, September 29th, 2017

A new week—a new scam. This time the bad guys have devised a new ransomware phishing attack, tricking users into opening what looks like a document scanned from an internal Konica Minolta C224e. Don’t have a Konica? That’s good, because most offices do. This model is one of the most popular business scanners/printers in the world, and the emails are written to make the user think that the communication is from a vendor.

It’s basically the Locky virus disguised as a new one.

This new campaign hit businesses on Sept 18th, and it features a sophisticated new attribute that allows it to slide past much of the machine-learning-based software sold by some of the industry’s most popular vendors, said security firm Comodo.

“The method of phishing is by an attachment of an email; the attachment is disguised as a printer output, and it contains a script inside an archive file,” said Fatih Orhan, vice president of Comodo Threat Research Labs. “These are not enough to make a phishing detection.”

It’s the third recent Locky attack. As in previous attacks, the hackers are using a botnet of zombie computers, which makes it hard to block in spam filters.

“Employees today scan original documents at the company scanner/printer and email them to themselves and others as a standard practice, so this malware-laden email looks quite innocent but is anything but harmless,” the report continues.

The most intriguing element of this new campaign involves the way the hackers manage to evade anti-malware software.

Here is how they do it:

“Machine learning algorithms need to extract the attachment, open the archive, extract the script and understand it has a malicious intent,” said Orhan, the Comodo research head. “But usually, these scripts contain just a download component and do not have malicious intent on their own.”

“That’s why even machine learning is not sufficient in making these kind of detections,” he continued. “Complex solutions are needed to run the script dynamically, download actual payload, and perform malware analysis to conclude that it is phishing.”
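The static half of the pipeline Orhan describes (extract the attachment, open the archive, find the script) can be applied at a mail gateway as a policy check that flags any archive attachment containing a script, without judging the script's intent. This is an added example, not code from Comodo or from this article; the ZIP archive type, the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: extensions of script types that Windows will execute on double-click.
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".bat", ".cmd"}

def scripts_in_archives(raw_email: bytes) -> list:
    """Return (attachment name, member name) for each script inside a ZIP attachment."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        # Sniff the content instead of trusting the declared type or file name.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                # splitext keeps only the last extension, so "scan.pdf.js" counts as .js
                if os.path.splitext(member)[1].lower() in SCRIPT_EXTS:
                    hits.append((part.get_filename() or "", member))
    return hits

def build_sample(member_name: str) -> bytes:
    """Constructed sample: a 'scanned document' email with a harmless ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "// constructed placeholder, not malware\n")
    msg = EmailMessage()
    msg["From"] = "scanner@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Scanned document (constructed sample)"
    msg.set_content("Please find the scanned document attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="scan_0001.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for member in ("scan_0001.js", "scan_0001.txt"):
        found = scripts_in_archives(build_sample(member))
        print(member, "-> quarantine" if found else "-> deliver", found)
```

The check does not inspect nested archives, and it is a blocking policy rather than a verdict on what the script downloads, which still requires the dynamic analysis Orhan refers to.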

Basically, the bad guys are once again one step ahead.

What is your best defense?

Your users are the best and last line of defense when all filters have failed. You need to create a human firewall.

Security awareness training is the way to go.

Let EnhancedTECh update your staff on cyber awareness training. Give us a call at 714-870-9330 or contact us at [email protected]


Source image: https://www.pexels.com/photo/black-sd-card-adapter-on-white-device-193057/
