LTS Secure Warning: Hakbit Ransomware Being Delivered In New Spear-Phishing Campaign
Security researchers have identified a new ransomware campaign, dubbed Hakbit, that targets mid-level employees across Austria, Germany and Switzerland. Malicious Microsoft Excel files are being delivered to employees via the popular email provider GMX.
Technical Details
The initial spear-phishing email uses a financial lure to grab the user's attention. The email contains a malicious Excel attachment which, if opened by the user, displays a prompt asking them to enable macros. If macros are enabled, GuLoader is downloaded and executed on their machine.
GuLoader is primarily used as a dropper, responsible for delivering second-stage malware. The loader then downloads and executes the Hakbit ransomware, which encrypts the victim's files using AES-256 encryption. Once encryption has completed, a ransom note is dropped, demanding that the victim pay 250 Euros in Bitcoin in order to receive the decryption instructions and keys.
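A mail-gateway triage check for the delivery stage described above, as an added example that is not part of the original advisory. It flags Excel attachments that carry a VBA project and raises severity when the sender domain belongs to GMX; the domain list, severity labels and function names are assumptions, and the sample message is constructed.

```python
import io, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: sender domains operated by GMX; adjust to your own mail flow.
GMX_DOMAINS = {"gmx.de", "gmx.net", "gmx.at", "gmx.ch", "gmx.com"}
EXCEL_EXT = (".xls", ".xlsm", ".xlsb", ".xlsx", ".xlt", ".xltm")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy binary Office container

def has_macros(data):
    """True if an OOXML workbook embeds a VBA project; legacy OLE files are
    treated as macro-capable because they cannot be ruled out without parsing."""
    if data.startswith(OLE_MAGIC):
        return True
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
    except zipfile.BadZipFile:
        return False

def triage(raw):
    """Return (severity, sender_domain, filename) findings for one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(EXCEL_EXT):
            continue
        if has_macros(part.get_payload(decode=True) or b""):
            sev = "high" if domain in GMX_DOMAINS else "medium"
            findings.append((sev, domain, name))
    return findings

def build_sample(sender, with_macro):
    """Constructed test message; the 'workbook' is a stub zip, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", "<workbook/>")
        if with_macro:
            z.writestr("xl/vbaProject.bin", b"stub")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", "Invoice"
    m.set_content("See attached.")
    m.add_attachment(buf.getvalue(), maintype="application",
                     subtype="vnd.ms-excel", filename="Invoice.xlsm")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample("billing@gmx.de", True)))
```

Findings from a check like this are best used to quarantine or strip the attachment before it reaches the user, since the infection chain depends on the recipient enabling macros.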
Impact
- Loss of Productivity.
- Downtime in Business Critical operations.
- Temporary or Permanent loss of Sensitive/Confidential data.
Recommended Actions
- Create a solid backup strategy.
- Avoid opening emails and attachments from unknown senders.
- Ensure that your devices are always up-to-date with the latest patches released.
- Regularly update your antivirus software & perform malware scans to protect against unknown threats.
- Configure Firewall/IDS/IPS/Endpoint Protection systems properly so that no holes are left open.