Unusual case 3: Self-serve ransomware

Unusual case 3: Self-serve ransomware

In a recent ransomware case that was featured in La Presse newspaper, the hacker implemented a simple but very effective scheme. Rather than attacking networks to get his ransomware in, he decided to let users do the work for him. He would just collect the ransom. Bold, right?

Here is the scheme he set up:

• On a discussion board set up for malicious purposes, the hacker created a user named Fluffy who posted a message indicating that he was looking for a biography template to download.
• A user whose nickname is Admin posted a link to download a template of the requested document. But, surprise, that document has a malicious payload. Note that the choice of this Admin nickname is not trivial. Indeed, it suggests that we are dealing with the administrator of the discussion forum, so a credible and reliable person. Who would not trust an admin?
• The user Fluffy adds that this is exactly the document he was looking for. Bingo! The trick is done. Users can now download the booby-trapped document with confidence!

The document downloaded by the Internet user contained ransomware that runs as soon as the user opens the file. The website where the malicious document was hosted was considered to be healthy. As a result, the Internet filtering tools let the download through.

In reality, this whole scheme was set up by one and the same person in order to make the Internet users feel confident and make them lower their guard. And it works! Anyone looking for such a document would surely have clicked on the download link.

For those who want to read the full story, here is the link on the La Presse newspaper website (story in French).

How to protect yourself against this type of attack

Here are seven key steps that will help keep you protected against this type of attack:

• Constantly make users aware of the cybersecurity risks
• Don’t rely solely on antivirus software to protect against viruses and other malicious software
• Deploy security technologies that detect unknown malicious tools and attacks

and zero-day attacks, such Streamscan's CDS technology. These types of attacks are the difficult to detect and most importantly, they cause the most damage to businesses.

• If you don’t have an internal security team, get 24/7 monitoring of your network security with StreamScan’s MDR service. After all, hackers don't take vacations or weekends off.

Need Help? StreamScan is Here.

Whether you need help conducting a security audit, developing a security plan, or want to implement an MDR (Managed Detection and Response solution, StreamScan has experts with years of experience in cybersecurity who can help. Get in touch with us at smbsecurity@streamscan.ai or call us at 1 877-208-9040.