Content, Breach, Content, Ransomware

Ransomware Phishing Attacks Bypass Machine Learning Tools, Comodo Says


New ransomware phishing attacks are using social engineering to engage victims and slip past machine learning algorithm-based tools, according to global cybersecurity solutions company Comodo. The attacks, discovered this month, mimic emails from copier and scanner company Konica Minolta and other industry-leading vendors, Comodo said in a prepared statement.

The aforementioned ransomware phishing attacks featured a scanned document that appeared to be emailed to victims from an organization's scanner/printer, Comodo stated. This document also included the scanner/printer model number of Konica Minolta C224e, one of the most popular models among business scanner/printers.

With the ransomware phishing attacks, cybercriminals used a botnet of zombie computers to coordinate a phishing attack that sends malicious emails to victim accounts, Comodo stated. The botnet enabled cybercriminals to infect victims' machines, encrypt their data and extract a bitcoin ransom.

In addition, the attacks utilized a Locky ransomware payload, Comodo stated.

Locky, which first appeared in 2016, is delivered by email with an attached file that contains malicious macros. It is generally distributed via spam emails that contain a dangerous Microsoft Office file or ZIP attachment.

How Can MSPs and MSSPs Help Customers Combat Ransomware Attacks?

Ransomware attacks show no signs of slowing down any time soon, which is reflected in several recent cybersecurity studies.

"The 2017 State of SMB Cybersecurity" survey conducted by independent research firm Ponemon Institute and password management and digital vault specialist Keeper Security revealed 52 percent of small and medium-sized businesses (SMBs) have experienced a ransomware attack this year. Comparatively, 2 percent of SMBs suffered a ransomware attack in 2016, the survey showed.

Meanwhile, the annual ransomware report from antivirus and internet security solutions company Kaspersky Lab indicated 18,625 mobile Trojan-ransomware installation packages were launched in the first quarter of 2017, a 3.5x increase quarter over quarter.

To protect customers against ransomware attacks, MSPs and MSSPs can learn about ransomware attacks and implement multi-layered security strategies. That way, MSPs and MSSPs can provide expert cybersecurity guidance to safeguard customers against ransomware and other advanced cyberattacks, according to Tyler Moffitt, senior threat research analyst at cybersecurity and threat intelligence company Webroot.

"Make sure aware of the threat how it's spread," he said. "In addition to that, you need to have multi-layered security that's going to protect against all the different types of vectors."

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.