The PhishLabs Blog

Exploiting Weakness: Why Healthcare is an Obvious Ransomware Target

Posted by Lindsey Havens on Jan 24, '17


Since the start of 2015, healthcare has been hit with more ransomware than any other industry.

Headlines abound with tales of healthcare organizations declaring states of emergency, turning away patients, and often opting to pay ransoms just to end their nightmare.

Read More

Topics: Ransomware, Healthcare

The Top 9 Reasons Healthcare Organizations are a Hacker’s Best Friend

Posted by Lindsey Havens on Jan 10, '17

In recent years, healthcare organizations have been attacked with more frequency, velocity, and fervor than any other industry. IBM dubbed 2015 “the year of the healthcare breach” in their 2016 Cyber Security Intelligence Index, and if recent headlines are anything to go by 2016 wasn’t much better.

But why are healthcare organizations targeted so consistently? On the surface, gambling sites and financial institutions would seem like better targets, so what is it about healthcare organizations that threat actors find so tempting?

In the end, it all comes down to one factor: Money.

Read More

Topics: Data Breach, Ransomware, Security, Healthcare

Why Ransomware Works, Why it Doesn't, and What it Will Work on Next

Cybersecurity is a field defined by its dynamism, as is crime. When analyzing trends to assess the future of these two
frequently overlapping spaces, the most efficient way to separate persistent threats from hype is by asking not just where the money is, but what the easiest way is to get it. While ransomware has had a lock on headlines all year, the most recent news stories all seem to emphasize increases in attacks targeting educational institutions, state and local governments, and healthcare organizations. Let's examine why this change from shotgun targeting to more focused targeting is happening. 

Read More

Topics: Ransomware

Ransomware Reload & Definitive Resource Guide

Posted by Lindsey Havens on Oct 21, '16

If you have been following our Cyber Security Awareness Month series,  we applaud you for taking steps to become #CyberAware. We want you to be in best position to keep your organization safe and prevent the next attack. 

If you're just joining us, no worries! We will walk you through the actions you should be taking to prevent attacks like ransomware from gaining a footholinside your network. 

How to Defend Against Ransomware.jpgAround 1.5 percent of spam emails contain malicious attachments or URLs, along with content designed to manipulate people into opening them. This technique, known as phishing, has become an overwhelming favorite of threat actors in the past few years, primarily because it’s a cheap, effective, and a fast way to compromise targeted networks. Phishing has been far and away the most popular delivery method for ransomware, and the continued evolution of text-based social engineering attacks has been a significant factor in the rise of ransomware.What should we do about it? For starters, we must stop being easy targets. Education is the key. Here you will find a comprehensive list of resources for fighting back. Let's get started! 

Read More

Topics: Ransomware, Cyber Security Awareness Month

Pay Up: The 2016 Definitive Guide to Ransomware

Posted by Lindsey Havens on Oct 19, '16

Right now most organizations are completely unready to cope with ransomware, both from security and recovery standpoints. In many cases, even basic security protocols such as consistent vulnerability management are lackluster or missing entirely, and threat actors are making millions of dollars every year as a result. 

That’s why, as part of our   Cyber Security Awareness Month series,  we are helping you take action by sharing our best resources on ransomware. 

In an effort to fight back together against cyberattacks, download this free copy of our Ransomware Whitepaper where we explore the growing threat of ransomware, and what you can do to keep your organization secure. We will walk you through the actions you should be taking to prevent ransomware from gaining a foothold inside your network, and how to make your security program the best it can be. 

Read More

Topics: Ransomware, Cyber Security Awareness Month

#CyberAware: Spotlight on Ransomware

Posted by Lindsey Havens on Oct 18, '16

We field a lot of questions about ransomware, but there’s one in particular that comes up time and time again. “Are we at risk from ransomware?” It’s not a difficult question to answer. Yes, you’re at risk… Everybody is at risk. 

You see, there are plenty of ways for threat actors to spread ransomware. They create fake online advertisements and pop-ups, exploit known vulnerabilities to gain access to corporate networks, and they even drop USB sticks loaded with ransomware in public places. They’re pulling out all the stops to infect your systems with ransomware, so yes, you need to be concerned.

Read More

Topics: Ransomware, Cyber Security Awareness Month

Federal Trade Commission Hosts Ransomware Workshop

Posted by Lindsey Havens on Sep 9, '16

The Federal Trade Commission (FTC) responded to the rising ransomware threat on September 7, 2016 with a technology workshop in Washington, D.C. The workshop brought security experts, including PhishLabs' Vice President of Threat Research, Joseph Opacki, together to address common questions and concerns around the ransomware threat. Opacki  joined a panel during the workshop to educate the audience on the overall landscape of the ransomware threat and reasons it's proliferating at such a high pace.

Read More

Topics: Ransomware

Alma Ransomware: Analysis of a New Ransomware Threat (and a decrypter!)

With low overhead and risk of prosecution, ransomware attacks have outpaced banking Trojans in sheer number of incidents, if not profit.  Ransomware’s rapidly growing popularity has spawned dozens of variants, subtypes, and families as threat actors seek to outmaneuver researchers and competitors. In this dynamic threat landscape, alongside monitoring the established ransomware families for any change in tactics, techniques, or procedures, we monitor social media and underground markets for emerging threats. Through this process, our team was alerted to and began an investigation of what is likely a new threat actor’s first attempt at ransomware design and distribution.

Recently we observed a new type of ransomware, called Alma Ransomware, being delivered via exploit kit. Often hidden on web servers, exploit kits (EK) are toolkits used by threat actors that exploit vulnerabilities in visiting users’ web browsers to deliver malicious payloads.  Alma Ransomware (MD5 Hash: 92f8a916975363a371354b10070ab3e9) was observed being delivered via the RIG Exploit Kit. The malicious payload tripped only one indicator on VirusTotal at 2016-08-22 14:51:15 UTC:

 Figure 1: VirusTotal indicator from day 1 of circulation.

Read More

Topics: Ransomware

So You've Been Infected with Ransomware...

Posted by Jenny Dowd on Aug 18, '16

That awful moment…

You’re working away, getting tasks ticked off left and right… 

And then it happens. A terrible sinking feeling grips your stomach, and you know immediately what’s happened.

You’ve been infected with ransomware. The screen in front of you is filled with demands about Bitcoins, Tor, and encryption keys.

So what now?

You’ll have to tell your boss, of course. But once that’s done, there are some important tasks for you to complete.

Read More

Topics: Phishing, Hacker Tools, Ransomware, Spear Phishing

Phishing Attacks Come in a Wide Variety of Flavors...Make Sure Your Employees Get a Taste of Each

While more organizations than ever before recognize the need to educate and train their employees on the dangers
of phishing attacks, it’s important that those in charge of training make sure employees understand that not all phishing probes are alike. That’s because recognizing the “smell” of a phishing attempt is a powerful defense against17_MA_the-New-Face-of-BEC-in-the-Coming-Year.jpg the malicious bag of tricks used by cybercriminals to breach your security. 

In 2015, PhishLabs analyzed more than 1 million confirmed malicious phishing sites residing on more than 130,000 unique domains. While the typical consumer phishing attack has garnered much attention, the specialized business spear phishing attack poses increasing risk for a company and its employees. 

Here’s a brief menu of the types of phishing attacks your employees need to recognize and avoid. 

Read More

Topics: Phishing, Ransomware, Spear Phishing


What's this all about?

The PhishLabs Blog is where we share our insights and thoughts on cybercrime and online fraud.

Upcoming Events