Microsoft’s Windows Security Blog on Technet: New tech support scam launches communication or phone call app
“A new tech support scam technique streamlines the entire scam experience, leaving potential victims only one click or tap away from speaking with a scammer. We recently found a new tech support scam website that opens your default communication or phone call app, automatically prompting you to call a fake tech support scam hotline.”
The scam is supplemented by an audio message from ‘Apple Support’ (yeah, right…) that threatens to ‘disable and suspend your Mac device’ if the prospective victim closes the ‘alert’ window. Incongruously, given the Mac-themed warning, the scam is ‘optimized for mobile phones’.
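The mechanism Microsoft describes is a page that hands a phone number straight to the device's dialer. The following is an added example, not code from the original post or from Microsoft's research: it assumes the page does this with a tel: URI (the standard scheme mobile browsers pass to the phone app), and it distinguishes a page that merely offers a click-to-call link from one that fires the dialer without any user action (a meta refresh or script redirect to a tel: URI). The sample page and the phone number in it are constructed for illustration.

```python
"""Scan an HTML page for click-to-call and auto-dial tel: patterns.

Added example, not part of the original post or Microsoft's research.
Assumption: the scam page triggers the default phone app with a tel: URI.
The sample page below is constructed; 1-800-555-0199 is a fictional number.
"""
import re
from html.parser import HTMLParser

# A tel: URI followed by at least six digits/separators; quotes stop the match
TEL_RE = re.compile(r"tel:\s*\+?[\d\-().\s]{6,}", re.IGNORECASE)


class TelFinder(HTMLParser):
    """Collect (trigger_kind, tel_uri) pairs from anchors, meta refresh and scripts."""

    def __init__(self):
        super().__init__()
        self.hits = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)  # attribute names arrive lowercased
        if tag == "script":
            self._in_script = True
        href = attrs.get("href", "")
        if tag == "a" and href.lower().startswith("tel:"):
            self.hits.append(("anchor", href.strip()))  # one tap, but needs a tap
        if tag == "meta" and attrs.get("http-equiv", "").lower() == "refresh":
            m = TEL_RE.search(attrs.get("content", ""))
            if m:
                self.hits.append(("meta-refresh", m.group(0).strip()))  # fires on load

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Script bodies are delivered as raw text; a location change to tel: is an auto-dial
        if self._in_script:
            for m in TEL_RE.finditer(data):
                self.hits.append(("script", m.group(0).strip()))


def find_autodial(html):
    """Return every tel: trigger found in the page, in document order."""
    parser = TelFinder()
    parser.feed(html)
    return parser.hits


def classify(html):
    """'auto-dial' if the page can start a call without a click, 'click-to-call' if
    it only offers a tel: link, 'clean' otherwise."""
    kinds = {kind for kind, _ in find_autodial(html)}
    if kinds & {"meta-refresh", "script"}:
        return "auto-dial"
    if "anchor" in kinds:
        return "click-to-call"
    return "clean"


# Constructed sample page imitating the pattern described above
SAMPLE_PAGE = """<html><head>
<meta http-equiv="refresh" content="0;url=tel:18005550199">
<script>
  setTimeout(function(){ window.location.href = "tel:18005550199"; }, 500);
</script></head>
<body>
<h1>Your device has been blocked</h1>
<a href="tel:18005550199">Call Support Now</a>
</body></html>"""

if __name__ == "__main__":
    for kind, uri in find_autodial(SAMPLE_PAGE):
        print(f"{kind:13s} {uri}")
    print("verdict:", classify(SAMPLE_PAGE))
```

Feeding the constructed page through `classify` yields "auto-dial", because the meta refresh and the script redirect would both invoke the dialer before the visitor touches anything; a page with only the anchor would be rated "click-to-call". The regex deliberately keys on the URI scheme rather than on number formatting, since the number itself changes from campaign to campaign.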
Commentary from Zeljka Zorz for HelpNet: New scam launches users’ default phone app, points it to fake tech support hotline
For Sophos, Mark Stockley describes how scammers are using RDP, a tool intended to cut down network and system administration costs for companies by allowing sysadmins and help-desk operators to access their customers’ systems remotely. Once attackers have an RDP session of their own, it gives them almost unlimited scope to reconfigure apps and services, which makes installing and executing ransomware a breeze.
Ransomware-spreading hackers sneak in through RDP
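Remote access via RDP leaves a trail in the Windows Security log before any ransomware runs. The following is an added example, not code from the original post or from Sophos: it assumes the attacker gets in by guessing RDP credentials, which shows up as Event ID 4625 (failed logon) with Logon Type 10 (RemoteInteractive), and it flags a source address that racks up several such failures in a short window, noting whether a Type 10 success followed. The event records below are constructed, with documentation-range IP addresses, not real log data.

```python
"""Flag RDP credential guessing from Windows Security log events.

Added example, not from the original post or the Sophos article. Assumption:
the intrusion path is guessed RDP credentials, visible as Event ID 4625
(failed logon) with Logon Type 10 (RemoteInteractive). Sample events are
constructed; the addresses are from documentation ranges.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: (timestamp, event_id, logon_type, account, source_ip)
SAMPLE_EVENTS = [
    ("2017-10-10T02:00:01", 4625, 10, "administrator", "203.0.113.7"),
    ("2017-10-10T02:00:09", 4625, 10, "admin", "203.0.113.7"),
    ("2017-10-10T02:00:17", 4625, 10, "administrator", "203.0.113.7"),
    ("2017-10-10T02:00:25", 4625, 10, "backup", "203.0.113.7"),
    ("2017-10-10T02:01:02", 4625, 10, "backup", "203.0.113.7"),
    ("2017-10-10T02:01:40", 4625, 10, "backup", "203.0.113.7"),
    ("2017-10-10T02:01:55", 4624, 10, "backup", "203.0.113.7"),  # guess worked
    ("2017-10-10T08:15:00", 4625, 10, "jsmith", "198.51.100.4"),  # user typo
    ("2017-10-10T08:15:20", 4625, 10, "jsmith", "198.51.100.4"),
    ("2017-10-10T08:15:40", 4624, 10, "jsmith", "198.51.100.4"),
    ("2017-10-10T09:00:00", 4625, 3, "svc_sql", "203.0.113.9"),  # network logon, not RDP
]


def parse_ts(ts):
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Return {source_ip: details} for addresses with >= threshold failed
    RemoteInteractive logons inside any window-sized span."""
    failures = defaultdict(list)   # ip -> [(time, account)]
    successes = defaultdict(list)  # ip -> [(time, account)]
    for ts, event_id, logon_type, account, ip in events:
        if logon_type != 10:
            continue  # only RDP (RemoteInteractive) logons matter here
        t = parse_ts(ts)
        if event_id == 4625:
            failures[ip].append((t, account))
        elif event_id == 4624:
            successes[ip].append((t, account))

    alerts = {}
    for ip, fails in failures.items():
        fails.sort()
        # Sliding window over the sorted failures; report the first qualifying burst
        for i in range(len(fails)):
            j = i
            while j + 1 < len(fails) and fails[j + 1][0] - fails[i][0] <= window:
                j += 1
            if j - i + 1 >= threshold:
                burst = fails[i:j + 1]
                last_fail = burst[-1][0]
                # A Type 10 success after the burst means a guess landed
                later = [acct for t, acct in successes.get(ip, []) if t >= last_fail]
                alerts[ip] = {
                    "failures_in_window": len(burst),
                    "accounts": sorted({acct for _, acct in burst}),
                    "success_after": later,
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(ip, info)
```

Run against the constructed events, the scanner flags 203.0.113.7 (six Type 10 failures in under two minutes across three accounts, then a success as "backup") and leaves 198.51.100.4 alone, since two typos followed by a success are ordinary user behaviour. The threshold and window are deliberately parameters: slow, patient guessing spread over hours needs a longer window and a lower threshold, at the cost of more false positives.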
The second part of a two-part report by Intermedia deals specifically with ransomware and includes a link to a video which I’m afraid I haven’t watched. There are also some interesting statistics. When a ransom gets paid, who pays it? According to Intermedia, 59% of employees have paid personally, and only 37% of those surveyed said that their employer had paid. (Which may say something sad about employee attitudes and unpleasant about employer attitudes.) Yet the company has previously reported that 19% of companies didn’t get their data back. (In sharp contrast to claims that ransomware gangs usually recover data because that’s their business model.) I’d guess that with the increase in wiper activity in recent months, the 2017 figures for unrecovered data could be appreciably higher. (Are wipers ransomware? Well, that depends on individual cases, but they do often present themselves as if they are.)
ESET reports that “ESET researchers have spotted the first-ever ransomware misusing Android accessibility services. On top of encrypting data, it also locks the device.”
DoubleLocker: Innovative Android Ransomware
The estimable Paul Ducklin (sorry not to have seen you at VB this year, Duck!) advises us to Watch out for these high-pressure Apple malware scams.
To be precise, a couple of tech support scams and a fake Flash Player update. Ho hum… Still, the first one is particularly interesting, if you’re a connoisseur of these things.
…from my old (in the nicest way possible) mate Roger Thompson. I haven’t been following the blog closely so far, but Roger has lots of hands-on experience in the industry (far more than I do): I don’t doubt that he knows what he’s about…
Thompson Cyber Security Labs
Bill Brenner for Sophos: What’s at risk from nRansom? Your memories of Thomas the Tank Engine.
A hoax (or possibly a test) then, rather than real ransomware. But not terribly well executed.
From Motherboard: This Ransomware Demands Nudes Instead of Bitcoin. To be precise, at least ten nude photographs of the victim. Real ransomware or an unpleasant prank: well, quite a few AV engines detect it as malware, according to VirusTotal. More info if and as I receive it.
Bleeping Computer: New Nuclear BTCWare Ransomware Released (Updated)
Lawrence Abrams notes: “Michael Gillespie discovered that the developers of this variant messed up on the encryption of files greater than 10MB in file size and will not be able to decrypt them. It was also discovered that this same behavior was seen with other files of random sizes. Therefore, it is advised that you do not pay the ransom as there is a good chance many of your files will not be able to be decrypted.”