EXECUTIVE SUMMARY:
Way back when, around the dawn of the internet and cybercrime, one of the first cyber incidents to be unleashed on the world was the ILOVEYOU worm. It was launched in 2000, reportedly infecting 45 million machines worldwide, leaving a trail of $8 billion in damages. Fast forward to today and the hackers are still busy, trying to wring as much out of Valentine’s Day as Hallmark does.
GrandCrab ransomware, one of the more notorious ransomware threats, is being spread via phishing emails with romantic subject lines, reports ZDNet. “The body of the email only contains a * symbol and comes with an attachment – a zip file containing a JavaScript file. The file name follows the same pattern in every malicious email – ‘Love_You_2018_’ followed by seven or eight random digits.”
Those who are unlucky enough to fall prey to the ransomware are warned that if they don’t pay within seven days, the ransom will be doubled. They’re also given advice on buying and using cryptocurrency, complete with a live chat help window. According to ZDNet, the campaign could be stemming from cybercriminal customers taking advantage of a GrandCrab ransomware as a service scheme.
Meanwhile, a dating app known as Coffee Meets Bagel informed its users today that it had suffered a data breach. According to reports, the data leak was part of a larger breach affecting a number of apps as detailed yesterday by The Register. More than 617 million account records were released on the dark web, of which 6 million were from Coffee Meets Bagel.
Valentine’s Day might not be a day that’s typically on the CISO radar, but maybe it should be. “While campaigns relating to holidays have traditionally focused on consumers, they’re increasingly targeting business email accounts – providing attackers with a means of encrypting corporate networks and demanding larger ransoms than they could squeeze out of individual victims,” reports ZDNet.
In addition to the usual requisite cyber protections and practices, perhaps it’s also wise to harden your heart today–at least while operating in the cyber world.
Get the full story at ZDNet.