Weekly Threat Report - 19th October 2018
US water utility suffers ransomware attack
A US water and sewerage company experienced a ransomware attack earlier this month, whilst it was still recovering from the effects of Hurricane Florence, which hit the US East Coast in September. Despite efforts by the company to disconnect its systems from the internet in response, the Ryuk ransomware spread through the network, encrypting data.
Prior to the ransomware infection, the company reportedly experienced persistent attacks from the Emotet banking Trojan, which primarily serves as a dropper for other banking Trojans.
The company has not paid the ransom and is, instead, rebuilding its databases. As a result of the infection, the company reports it was left with “limited computer systems”, which would “affect the timeliness of services for weeks to come” and necessitate resorting to manual processes for a range of functions. However, it is believed that water and wastewater services will not be affected.
We have reported previously on US examples of the impact on services and costs for organisations affected by ransomware, such as the City of Atlanta.
For advice on how to protect your organisation, see the NCSC’s guidance on mitigating ransomware and other forms of malware.
Publishing House Phishing Warning
Penguin Random House North America has issued an alert to staff following a spate of global phishing scams attempting to access agencies’ and publishers’ manuscripts and other sensitive information.
The UK arm has been similarly targeted, with fraudsters posing as literary agents and foreign-rights staff from seemingly legitimate email addresses. Macmillan has confirmed that it has also been targeted by scammers trying to access manuscripts and has reportedly issued an internal briefing to staff.
Organisations should be vigilant to possible phishing attacks because data which has been accessed could be used to make scam messages more credible.
Fraudsters can use data to make their phishing messages look much more credible, including using real names and statements such as: 'To show this is not a phishing email, we have included the month of your birth and the last 3 digits of your phone number'. These phishing messages may not relate to the organisation that has been breached and may use more well-known brands. The NCSC has guidance on protecting yourself from phishing.
Members of the public who think they may have been a victim of online crime can report a cyber incident using Action Fraud’s online fraud reporting tool, or call 0300 123 2040.