Tag Archives: Heimdal

Heimdal’s Anti-Ransomware Protection Plan

Andra Zaharia, security evangelist at Heimdal, has published a very useful and exhaustive checklist for reducing your exposure to ransomware: The Anti-Ransomware Protection Plan You Need to Follow Today.

I get tired of reading ‘how to defend against ransomware’ articles that miss out vital points like not staying permanently connected to in-the-cloud storage, but this one really does cover most of the angles. Very nice.

David Harley

Two ‘need to know’ ransomware articles

Here are a couple of ‘what you need to know’ articles on ransomware. At some point I might come back to make a few comments about individual points, but in general, if you’re still puzzled as to what it’s all about, you might find some useful thoughts here.

David Harley

Fake IRS refund carries Kovter ransomware downloader

To be precise, the ZIP file distributed by the spam campaign launches PowerShell to download a Kovter payload that delivers the ransomware. The secondary payload is CoreBot, a highly adaptive form of modular malware.

According to Heimdal’s Andra Zaharia, the spam message looks something like this:

From: [spoofed / fake return address]

Subject Line: Payment for tax refund # 00 [6 random numbers]

Tax_Refund_00654767.zip -> Tax_Refund_00654767.doc.js
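For readers on the defensive side, here is an added example (my own illustration, not code from this blog, Heimdal or Tripwire) of the kind of mail-gateway triage check this campaign calls for: it opens a ZIP attachment, flags archive members whose real (trailing) extension is a script type such as .js while a document-looking extension such as .doc sits in front of it, and matches the subject line against the "Payment for tax refund # 00" plus six digits pattern described above. The extension lists, the subject regex and the sample archive (which contains a harmless placeholder string) are all my own constructions.

```python
import io
import re
import zipfile

# Trailing extensions that Windows will execute when the file is double-clicked.
# Assumption: this list is my own; extend it to match local policy.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta",
                     ".ps1", ".cmd", ".bat", ".exe", ".scr"}

# Extensions that make a name read as "a document" when placed just before
# the real extension (Tax_Refund_00654767.doc.js).
DOCUMENT_EXTENSIONS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".txt", ".rtf"}

# Subject pattern reconstructed from the description above:
# "Payment for tax refund # 00" followed by six random digits.
SUBJECT_PATTERN = re.compile(r"^Payment for tax refund # 00\s?\d{6}$")


def classify_member(name):
    """Return 'double-extension', 'script' or None for one archive entry name."""
    base = name.rsplit("/", 1)[-1].lower()   # ignore any folder prefix inside the ZIP
    pieces = base.split(".")
    if len(pieces) < 2:
        return None
    if "." + pieces[-1] not in SCRIPT_EXTENSIONS:
        return None
    if len(pieces) >= 3 and "." + pieces[-2] in DOCUMENT_EXTENSIONS:
        return "double-extension"
    return "script"


def triage_message(subject, zip_bytes):
    """Inspect one message (subject + ZIP attachment) and return a triage verdict."""
    subject_match = bool(SUBJECT_PATTERN.match(subject.strip()))
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for member in zf.namelist():
            label = classify_member(member)
            if label:
                findings.append((member, label))

    if any(label == "double-extension" for _, label in findings) or (subject_match and findings):
        verdict = "quarantine"
    elif findings or subject_match:
        verdict = "review"
    else:
        verdict = "allow"
    return {"subject_match": subject_match, "findings": findings, "verdict": verdict}


def build_sample_zip(member_name, payload=b"// constructed placeholder, not a real script\n"):
    """Build a small in-memory ZIP for testing; the content is an inert placeholder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, payload)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample modelled on the lure described above.
    lure = triage_message("Payment for tax refund # 00654767",
                          build_sample_zip("Tax_Refund_00654767.doc.js"))
    benign = triage_message("Your invoice", build_sample_zip("Tax_Refund_00654767.docx"))
    print("lure  :", lure)     # verdict: quarantine
    print("benign:", benign)   # verdict: allow
```

The check deliberately keys on the trailing extension rather than on whatever icon or name the mail client displays, because hiding known extensions is exactly what the .doc.js trick relies on; a plain .js inside an archive with an unrelated subject still gets routed to review rather than silently allowed.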

Heimdal analysis: Security Alert: Fileless Kovter Teams Up with Modular CoreBot Malware in IRS Spam Campaign

Commentary from David Bisson for Tripwire: Fake IRS Spam Email Campaign Serves Up Kovter, CoreBot Malware

Added to Ransomware Resources page.

David Harley