
Secplicity - Security Simplified

Powered by WatchGuard Technologies

OPM Breach Used as Bait in Phishing Campaign with Ransomware Payload

November 11, 2016 By The Editor


This week, cybersecurity firm PhishMe discovered tens of thousands of malicious emails deceptively sent from an “account manager” at the United States Office of Personnel Management (OPM). Likely targeting individuals who were affected by, or simply aware of, the 2015 OPM data breach, the emails notified recipients of “suspicious movements” concerning a particular account and encouraged them to open a malicious attachment.

The attachments were loaded with Locky, a particularly nasty crypto ransomware variant. Once it infects a system, Locky encrypts data using AES encryption and then leaves a blackmail letter urging victims to pay a bitcoin ransom to get their data back. It even goes a step further by searching for any network shares and encrypting data on those remote shares as well.

There hasn’t been any indication that the attackers behind these emails were targeting OPM breach victims specifically, so while it’s likely that some of those victims may be reached by the attack due to the large number of people affected, it’s also very likely that non-OPM victims have been targeted and deceived as well. Visit Nextgov for the full story.

For more information on Locky, read “New Crypto Ransomware in the Wild” or watch Corey Nachreiner’s Daily Security Byte on the topic. For more information on ransomware in general, check out “Decrypting Ransomware” by Marc Laliberte.

Photo: PC Magazine
