Last week, we talked about persistent tech support scammers, a BMW 419 scam, uncovered a malvertising campaign on a popular photo leak forum, and addressed (as best as we can) the survey feedback we received from our PUP Friday readers.

We also raised the question of whether one would store their data on the cloud or not. On top of this, we released an infographic on how businesses—regardless of size—can protect themselves from ransomware.

Lastly, Malware Intelligence Analyst Hasherezade brought us a detailed rundown of Rokku, a ransomware similar to the “doxingware” Chimera. She also released an easier method of recovering files for Petya-affected victims on her personal blog. With this, a YouTube video was posted to illustrate this methodology in action.

Notable news stories and security related happenings:

  • Walmart Mystery Shopper Scam Resurfaces. “The scam starts with a legit-looking check, usually for an amount of up to $2,000, which is mailed to a consumer. The check is supposed to be used at Walmart to purchase items as part of their mystery shopper program, a program that pays random people to shop at their local store and rate their experience through a survey.” (Source: CSO Online)
  • Nationwide Develops New Secure App that Recognises User’s Behaviour. “While the prototype is still in the early stages, Nationwide said that eventually it could be used as additional security for mobile banking alongside more ‘traditional’ methods such as Pins and passwords, as well as using other technology such as fingerprint scanning and voice recognition.” (Source: The Telegraph)
  • Massive Malvertising Attack Poisons 288 Sites. “A malvertising campaign has swamped most of the Netherlands’ most popular sites, affecting millions of users. The campaign began to take root on Sunday, when security firm Fox-IT noted a spike in incidents involving malware exploit kits.” (Source: Sophos’ Naked Security Blog)
  • With Few Options, Companies Increasingly Yield to Ransomware Demands. “It’s a case of asymmetric electronic warfare. Ransomware, which encrypts files until a victim pays to have them unlocked, can be devastating to an organization. Barring an up-to-date backup, little can be done aside from paying the attackers to provide the decryption keys.” (Source: CSO Online)
  • The Professionalisation of Cyber Criminals. “Just as the ongoing digitisation of business activities has lead  legitimate companies to fuse digital and operational strategies, criminals are also adapting their approach. Like any industry, cybercrime periodically goes through change in paradigms, the latest one has been the development of the ‘Cybercrime-as-a-Service’ (CaaS) framework.” (Source: Insead)
  • How Credit Card Fraud in the US Supports Russia’s Underground Economy. “Credit card fraud is big business. Data breaches at high-profile companies are becoming commonplace, and as data collection — and theft — surges, the sale of stolen information has become established as a business in its own right. Unfortunately for victims that often bear no responsibility for such theft, this can lead to pillaged bank accounts and identity theft as goods are purchased using their funds for other purposes.” (Source: ZDNet)
  • The Pros and Cons of Common Access Cards. “Traditional authentication mechanisms, such as username/password combinations, offer only a single factor of authentication: something the user knows. Common access cards, on the other hand, provide two: something the user knows (the PIN) and something the user has (the card).” (Source: C4ISR & Networks)
  • Hackers Hacking Hackers to Knacker White Hat Cracker Trackers. “Malware writers are selling each other out to white hats and hacking through each other’s infrastructure to frame rivals, Shadowserver’s Richard Perlotto says. The treachery is a bid to prompt Shadowserver and fellow malware investigators to take down their rival’s command and control servers and domains. Perlotto says they are happy to oblige.” (Source: The Register)
  • IRS Warns of Continued Scams, Varied Tactics as the Tax Deadline Nears. “The Internal Revenue Service today issued a warning that scammers may try using the April 18 tax deadline to prey on hard-working taxpayers by impersonating the IRS and others with fake phone calls and emails. Even after the tax deadline passes, taxpayers should know the telltale signs of a scam and tips to protect themselves from a variety of phone scams and phishing emails.” (Source: The IRS)

Safe surfing, everyone!

The Malwarebytes Labs Team