LTS Secure Warning: Hakbit Ransomware Being Delivered In New Spear-Phishing Campaign
Security researchers have identified a new ransomware campaign, dubbed Hakbit, in which mid-level employees are being targeted, across Austria, Germany & Switzerland. Malicious Microsoft excel files are being delivered to employees via popular email provider GMX.
The initial spear-phishing email uses financial lure to grab the user’s attention. The mail then contains a malicious excel attachment, which if, opened by the user, displays a prompt to them, requesting them to enable macros. If turned on, the GuLoader gets download & executed on their machine.
The GuLoader is primarily used as a dropper, responsible for delivering second stage malware. The loader goes ahead to download & execute the Hakbit Ransomware, which encrypts the victims using AES-256 encryption. Once the encryption is done successfully, a ransom note is dropped, demanding the victim to pay 250 Euros in Bitcoin, in order for them to receive the decryption instructions & keys.
- Loss of Productivity.
- Downtime in Business Critical operations.
- Temporary or Permanent loss of Sensitive/Confidential data.
- Create a solid backup strategy
- Avoid Opening emails & attachments from unknown senders.
- Ensure that your devices are always up-to-date with the latest patches released.
- Regularly update your antivirus software & perform malware scans to protect against unknown threats.
- Make proper security configuration for Firewall/IDS/IPS/Endpoint Protection systems so that no holes are left barred.