In the last few hours, several security alerts have been raised across the web over four attack campaigns aimed at spreading the Nerbian trojan, the REvil and Magniber ransomware, and the AvosLocker malware.
Cybercriminals do not rest: in the past few hours they have again struck at users with a fearsome quartet of attacks, mostly of the ransomware kind, that is, designed to hold the targeted victims' data hostage.
Despite the pandemic being in a fairly quiet phase, the coronavirus topic continues to draw people's interest. Attackers know this and, according to Proofpoint experts, are exploiting it to deliver the Nerbian remote access trojan (RAT), first spotted on April 26, which is hitting Spanish, Italian and English users in particular. It spreads through spam campaigns whose e-mails claim to come from WHO, the World Health Organization, and to concern new Covid-19 security measures it has ordered.
A user unaware of the danger who clicks the supposedly official attached document, a manipulated Word file, will in fact only trigger a chain of macros that ends with Nerbian installed, complete with screen-capture and keylogging functionality, i.e. storing (in encrypted form) everything typed on the keyboard. Security analysts' advice in this case, besides keeping an up-to-date antivirus on the computer, is to always keep macros disabled in received Office documents.
Another cyber threat was reported by the BleepingComputer portal, which relays an alert from the security firm Avast. This is the return of the REvil ransomware, whose infrastructure on the TOR network has reportedly resumed operating: the updated malware, judging by the analyzed sample, carries the release number 1.0 but, also considering that the ransom demand is the same as its predecessor's, appears to be more of an update of its release 2.08, with changes that would allow it to hit particular accounts.
No less worrying is the alarm raised by the security company Trend Micro, which specifically witnessed the return of the AvosLocker malware through a very elusive variant. Once it has penetrated the victims' systems, it installs AnyDeskMSI locally, a remote desktop tool that lets the attackers install further tools from their command and control server, for instance to scan the local network and disable the security solutions found there.
Finally, from the ZeusNews portal comes the report of another ransomware-type threat. It affects users who, while searching for pirated programs on ad hoc sites, download files with names similar to Security_Upgrade_Software_Win10.0.ms or Win10.0_System_Upgrade_Software.msi, which pretend to be legitimate Windows updates but actually contain the Magniber virus.
Anyone who falls into the trap finds that this malware deletes the shadow copies on the computer, encrypts the files (appending an extension of 8 randomly sequenced characters), and drops in each folder an instruction file, readme.html, explaining that to get the data back it is necessary to pay the hefty sum of about 2,500 euros (0.068 bitcoin). That is only if the victim agrees to pay within the first 5 days of the attack: otherwise the sum to be paid rises to about 5,000 euros (0.136 bitcoin). Obviously, as a precaution, the experts in this case always recommend downloading updates for the PC from Windows Update in the system settings or, at most, from the official Microsoft Update Catalog site,
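As an added example, not from the article or from any of the security firms it cites: a small Python triage heuristic that walks a directory tree and flags folders showing the pattern described above (a readme.html note dropped beside files carrying an 8-character random extension). The note name comes from the article; the extension alphabet, the hit threshold and the sample tree are constructed assumptions.

```python
"""Triage heuristic for the ransomware file-system pattern described above
(added example): a readme.html note in folders whose files were renamed with
an 8-character random extension. Alphabet, threshold and sample data are
assumptions, not taken from the article."""
import os
import re
import tempfile

NOTE_NAME = "readme.html"                      # note name reported in the article
# assumption: exactly 8 letters/digits after the last dot, e.g. "x.docx.kqzwmxpa"
RANDOM_EXT = re.compile(r"\.[a-z0-9]{8}$", re.IGNORECASE)
MIN_HITS = 3                                   # assumption: avoid flagging one odd file


def looks_encrypted(name: str) -> bool:
    """True if the filename ends in an 8-character alphanumeric extension."""
    return RANDOM_EXT.search(name) is not None


def find_suspect_dirs(root: str) -> list[str]:
    """Return folders (relative to root) holding the note and MIN_HITS+ renamed files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if NOTE_NAME not in files:
            continue
        renamed = [f for f in files if f != NOTE_NAME and looks_encrypted(f)]
        if len(renamed) >= MIN_HITS:
            hits.append(os.path.relpath(dirpath, root))
    return sorted(hits)


def build_sample_tree() -> str:
    """Constructed tree: one true hit, one clean folder that legitimately has a
    readme.html, and one folder with renamed files but no note."""
    root = tempfile.mkdtemp(prefix="triage_")
    layout = {
        "docs": ["readme.html", "budget.xlsx.kqzwmxpa", "notes.txt.kqzwmxpa",
                 "photo.jpg.kqzwmxpa"],
        "website": ["readme.html", "index.html", "style.css"],
        "partial": ["a.pdf.kqzwmxpa", "b.pdf.kqzwmxpa", "c.pdf.kqzwmxpa"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for n in names:
            open(os.path.join(root, sub, n), "w").close()
    return root


if __name__ == "__main__":
    print(find_suspect_dirs(build_sample_tree()))   # ['docs']
```

The note-plus-threshold combination is what keeps a legitimate readme.html in a web project folder from being flagged; on a real host the threshold and alphabet should be tuned to the sample actually observed.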