A successful Ransomware campaign can even throw giants like Norsk Hydro off the rails. The British police and personnel in this country are currently particularly attentive when opening e-mails. All companies have one topic in common: They work with e-mails and are threatened by a current Ransomware campaign.
Already in 2016 we warned against the Golden Eye Ransomware. However, reports of successful ransomware attacks are currently increasing significantly, although the danger should be more present today than 2016.
Ransomware campaign – currently very successful!
Norsk Hydro, an aluminum manufacturer from Scandinavia, was attacked by LockerGoga Ransomware. It was supposed to be a targeted attack, as unique four-digit codes were used. A detailed description of the incident has already been published.
One aspect that stands out is Hydro’s crisis communication. This was excellent. Webcasts with high-ranking managers were streamed daily, the public was kept up to date via Facebook and the company was switched to “manual operation”. These measures resulted in the company’s share price remaining relatively unaffected. For the CEO, this was definitely a nightmare start. He had taken the position the day before the attack.
The police are not safe from ransomware either Campaign
However, Hydro is not the only company affected by Ransomware. Also the British police was victim of a Ransomware attack . However, it is still unclear which type of Ransomware was used. Other organizations are also being targeted at the moment. A job in North Carolina has fallen victim for the third time in five years .
Ransomware wave in Germany
Ransomware campaigns are particularly popular with HR departments, as they always have to reckon with an e-mail. A successful example of a Ransomware attack is an unsolicited application.
However, the current Gandcrab version 5.2 does something different here. It sends the harmful file attachments to jobs that are actually advertised. This is a very perfidious strategy, since HR staff must now pay close attention to whether you execute macros when opening Word files.
The macros are used to reload the malware. Also emotet is still active in Germany. The CERT association warns on Twitter against e-mails that contain a link to “Open Secure Message”. Behind this lies the malware Emotet.
This post is also available in: Deutsch (German)