
From the desk of Bruce Rosen, Principal, and CTO, ITSA

Good afternoon,


I wanted to make you aware of an emerging and evolving threat that we are monitoring in the threat landscape and that is affecting users around the globe.


What you should know:


There is a very large, currently active ransomware campaign targeting organizations with the intent of encrypting their systems. These attacks have been associated with the Qakbot and IcedID trojans.


Both Qakbot and IcedID are banking trojans built to steal financial information. They are closely tied to email phishing schemes whose malicious payload ultimately encrypts your computers with ransomware.


What we have identified so far:


  • The attack starts with a phishing email that contains a malicious attachment or link.
  • The victim then downloads a file that appears to be a .pdf; however, the file is actually an ISO image.
  • A script then runs and mounts the ISO file to initiate the attack.
  • The attack proceeds with reconnaissance, with the end goal of encryption.
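Added example, not part of this advisory and not ITSA's own tooling: a small Python check that identifies an attachment by its content rather than its file name, so a disk image renamed to .pdf is caught. It assumes standard ISO 9660 layout (the volume descriptor identifier "CD001" at byte offset 0x8001) and the "%PDF-" header for real PDFs; the sample image bytes are constructed inline. The assessment function, verdict names and reason strings are illustrative choices of this example.

```python
"""Flag email attachments whose name says PDF but whose bytes are a disk image."""
import os

PDF_MAGIC = b"%PDF-"
ISO_MAGIC = b"CD001"          # ISO 9660 volume descriptor identifier
ISO_MAGIC_OFFSET = 0x8001     # sector 16 (16 * 2048 bytes) + 1 byte for the descriptor type
SECTOR = 2048
DISK_IMAGE_EXTENSIONS = {".iso", ".img", ".vhd", ".vhdx"}  # illustrative deny list


def sniff_format(data: bytes) -> str:
    """Identify the container by content, ignoring the file name entirely."""
    if data.startswith(PDF_MAGIC):
        return "pdf"
    if data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC:
        return "iso9660"
    return "unknown"


def assess_attachment(filename: str, data: bytes) -> dict:
    """Return a verdict ('allow', 'review' or 'block') with the reasons behind it.

    Verdict names and reason strings are hypothetical, chosen for this example.
    """
    name = filename.lower()
    ext = os.path.splitext(name)[1]
    fmt = sniff_format(data)
    reasons = []
    verdict = "allow"

    if fmt == "iso9660":
        # The content decides: an ISO image is blocked whatever it is called.
        verdict = "block"
        reasons.append("content is an ISO 9660 disk image")
        if ext != ".iso":
            reasons.append(f"extension {ext or '(none)'} does not match content")
    elif ext in DISK_IMAGE_EXTENSIONS:
        verdict = "block"
        reasons.append(f"disk-image extension {ext} is not accepted from email")
    elif ext == ".pdf" and fmt != "pdf":
        # Claims to be a PDF but has no PDF header: send to a human.
        verdict = "review"
        reasons.append("claims to be PDF but lacks the %PDF- header")

    # Double extensions such as invoice.pdf.iso are a separate signal.
    parts = name.split(".")
    if len(parts) > 2 and "pdf" in parts[1:-1]:
        if verdict == "allow":
            verdict = "review"
        reasons.append("double extension with .pdf in the middle")

    return {"filename": filename, "sniffed": fmt, "extension": ext,
            "verdict": verdict, "reasons": reasons}


def build_sample_iso() -> bytes:
    """Constructed stand-in for an ISO image: 16 empty system-area sectors followed
    by a primary volume descriptor whose identifier field reads CD001."""
    system_area = b"\x00" * (16 * SECTOR)
    pvd = bytes([1]) + ISO_MAGIC + bytes([1]) + b"\x00" * (SECTOR - 7)
    return system_area + pvd


if __name__ == "__main__":
    samples = [  # constructed inputs
        ("invoice.pdf", build_sample_iso()),
        ("invoice.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n"),
        ("invoice.pdf.iso", build_sample_iso()),
        ("report.pdf", b"\x00" * 100),
    ]
    for fname, blob in samples:
        result = assess_attachment(fname, blob)
        print(f"{fname:18} sniffed={result['sniffed']:8} verdict={result['verdict']:7}",
              "; ".join(result["reasons"]))
```

Only the first sample (an ISO named invoice.pdf) is blocked for a content mismatch; the genuine PDF is allowed. A gateway that relies on the extension alone would pass the first one straight through, which is the gap the campaign above exploits.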


What ITSA is doing to protect clients:


We have taken steps to intensify and harden our cyber protection platform to ensure every managed computer is protected from this attack. We are also working closely with our Security Operations Center (SOC) team, and, though it is unlikely, if there is any evidence of a compromise the following may be done:


  • Restore systems from a known good backup or clean operating system (OS) image.
  • Identify whether the phishing email was sent to any other users, to prevent further spread.
  • We also offer a wide range of email security tools that can be added to your stack for additional protection, such as Security Awareness Training and Simulation, Advanced Phishing Protection, and more.


If you have questions or concerns, or just want to discuss the level of protection our clients get from our security stack, please reach out to our Help Desk or to me personally.


Thank You, Bruce


Bruce Rosen, Principal/CTO

(610) 543-1500

