LTS Secure Warning: Hakbit Ransomware Being Delivered In New Spear-Phishing Campaign

Security researchers have identified a new ransomware campaign, dubbed Hakbit, in which mid-level employees are being targeted, across Austria, Germany & Switzerland. Malicious Microsoft excel files are being delivered to employees via popular email provider GMX.

 

Technical Details

The initial spear-phishing email uses financial lure to grab the user’s attention. The mail then contains a malicious excel attachment, which if, opened by the user, displays a prompt to them, requesting them to enable macros. If turned on, the GuLoader gets download & executed on their machine.

The GuLoader is primarily used as a dropper, responsible for delivering second stage malware. The loader goes ahead to download & execute the Hakbit Ransomware, which encrypts the victims using AES-256 encryption. Once the encryption is done successfully, a ransom note is dropped, demanding the victim to pay 250 Euros in Bitcoin, in order for them to receive the decryption instructions & keys.

 

Impact

  • Loss of Productivity.
  • Downtime in Business Critical operations.
  • Temporary or Permanent loss of Sensitive/Confidential data.

 

Recommended Actions

  • Create a solid backup strategy
  • Avoid Opening emails & attachments from unknown senders.
  • Ensure that your devices are always up-to-date with the latest patches released.
  • Regularly update your antivirus software & perform malware scans to protect against unknown threats.
  • Make proper security configuration for Firewall/IDS/IPS/Endpoint Protection systems so that no holes are left barred.