‘Lost Files’ Data Wiper Poses as a Windows Security Scanner (Oct 3, 2019)
Malware posing as a Windows Security Scanner is being circulated through spam emails that claim a trojan has been found on the user’s computer. The link leads the user to a “security scanner” that, if downloaded, presents a ransom screen demanding $500 in Bitcoin to decrypt the user’s files. While the screen claims to have encrypted the files, in actuality the binary data is corrupt, with the first line removed. It is not known whether the attacker did this on purpose, but the attacker has also included odd messages such as ‘Donald Trumps Hair Line’ and messages about Kim Kardashian.
Recommendation: Educate your employees on the risks of opening URLs from unknown senders. Additionally, maintain policies regarding what kind of requests and information your employees can expect to receive from colleagues and management. Anti-spam and antivirus applications provided by trusted vendors should also be employed. All employees should be educated on the risks of phishing, specifically how to identify such attempts and whom to contact if a phishing attack is identified. Applications should be carefully researched prior to installation on a personal or work machine. Applications that request additional permissions upon installation should be carefully vetted before those permissions are granted. Additionally, all applications, especially free versions, should only be downloaded from trusted vendors.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.