'Jaff' argh snakes: 5m emails/hour ransomware floods inboxes The Necurs botnet has been harnessed to fling a new strain of ransomware dubbed "Jaff". Jaff spreads in a similar way to the infamous file-encrypting malware Locky and even uses the same payment site template, but is nonetheless a different monster. Attached to dangerous emails is an infectious PDF containing an embedded DOCM …
If you want to hit businesses then PDF attachments are the best route. I guess it's time to go back to ASCII text for email and ban attachments altogether.
"I would like to shake the hand of the man who first decided that e-mail clients should slice, dice and run arbitrary programs. Then I'd like to stir, blend and puree his hand." - sigmonster quote from the Monastery
thanks aCynic , yes canonically the email provider test is at mesa.jrc.ec.europa.eu (why we need three 'europes' in the URL is beyond me!)
a typical result is here
STARTTLS CERTIFICATE SPF DKIM DMARC DANE DNSSEC
100 50 100 100 100 0 0
which ended up providing 'minimum security' - all weird & wonderful providers welcome
"When will they get serious about this and go after these guys. I'm sure that if it hit some law enforcement facility they might, but as of now I don't see any action."
The 'law enforcement' types are too busy misleading the press on how illegal Kodi is. Where's the income opportunity in going after actual criminals like the ones we read about in this latest exploit?
Nothing unusual about spam based ransomware
" Forcepoint Security Labs reports that malicious emails carrying Jaff are being cranked out at a rate of 5 million an hour on Thursday"
"The sprawling Necurs botnet went dormant around the start of the year before returning to spread Locky and more recently a pump-and-dump stock price scam. It's unclear if this week's switch to Jaff will be sustained but this likely depends on the success of the ransomware's "opening run"
The one that was opened in various NHS trusts just had the added "spread by network share bug" uncovered by NSA.
People are not only clicking on link or opening attachments, but ALSO at LEAST once clicking on OK.
Patches can be good (sometimes bad), but Training and decent IT, almost all the time is the best solution.
Mitigation:
1) Don't click on links or open attachments in email ever, unless expecting them. Hover mouse on links to see where they really go. (Training)
2) Switch off/disable/uninstall all services not used
3) Use properly configured on premises mail server appliance (free linux box and open source POP/SMTP/IMAP no need for Windows Server + Exchange) if more than three users. Mostly strip/textualise links and quarenteen attachments.
4) Only open document attachments with software that can't run macros or Active X or VBS
2 to 4 are basic IT skills. Most MCSE/MCP courses are useless. I was an MCP with over 80% score in four MCSEs. They are rubbish. Microsoft marketing.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
