IRS-Themed Ransomware Using Old-School Tactics

Over the past week, researchers have discovered a new ransomware variant that attempts to impersonate both the IRS and the FBI, similar to the FBI lockscreen malware that was popular several years ago. Once the victim is tricked into opening a link to a fake FBI questionnaire, the ransomware is downloaded onto the machine and begins encrypting. Fortunately, both the FBI and the IRS are taking great measures to alert possible victims and to catalog any scam emails that are being sent out.

History Repeats Itself at UK NHS District

Back in May, the UK’s National Health Services fell victim to a large WannaCry ransomware attack. While most of the districts have since regained full functionality, the district of Lanarkshire has once again been targeted. A cyberattack on its staffing and telephone systems left the district with only emergency services for several days. This event just reinforces the importance of updating security on critical systems before an attack, and even more so after one as devastating as WannaCry.

Worldwide Spread of Android DDoS Malware

A recent study found that hundreds of thousands of Android mobile devices had been compromised by a malware variant designed to turn them into a large-scale DDoS botnet. With hundreds of apps carrying the malicious code, it’s unsurprising that devices in more than 100 different countries have been linked to this WireX botnet, which was recently dismantled by security researchers from several different companies.

Hurricane Harvey Brings Out Scammers

As donations have poured in to support the victims of Hurricane Harvey, so too have stories of scammers looking to profit from their tragedy. Many fraudulent non-profit websites have already been registered and are seeing an exponential increase in traffic, along with large donations that will never reach the intended recipients. Phone scams have also been on the rise, with people impersonating relief organizations and other assistance groups to get information and money from victims of the storm.

Payment Records Compromised at UK Tech Retailer

In more tough news for UK citizens, officials at CeX have confirmed unauthorized access to payment records of nearly two million user accounts on their online site. Fortunately for many of the site’s users, CeX stopped storing customer payment information back in 2009, so most of the cards on file are likely expired. Customers have been advised to watch their accounts for any suspicious activity in the coming months, and to change their passwords as a precaution.

The post Cyber News Rundown: Edition 9/1/17 appeared first on Webroot Threat Blog.