It’s Baaack – The Return of CryptoLocker

Since last week I’ve been following some fascinating reports about the return of this ransomware behemoth. There are increasing accounts about the resurgence of CryptoLocker ransomware. As we have learned with Lazarus Group and Shamoon, just because it’s dormant doesn’t mean it’s dead.

Attacks have been steadily climbing since January. And what is interesting is how attackers are leveraging the Certified Electronic Email in Italy to spread the joy. This service is used by people who want the assurance they are getting a high level of security. The attack vehicle was a carefully crafted email featuring a digital signature to appear very trustworthy. Attackers utilized Italy’s Certified Electronic Email, which legally is like a registered letter, to deliver invoices hiding spam. And it worked. This parallels the similar rise in Dridex in Switzerland reported mid-February, again leveraging trusted email providers. As we know, phishing works. “Trust” works. Put the two together …

Attacks were predominantly in Europe, the staging ground for Russian cybercriminals before they launch their malware on America. Attacks are now heavy in the Netherlands, and have landed on American shores as confirmed by Microsoft’s Malware Protection Center.


