This week, cybersecurity firm PhishMe discovered tens of thousands of malicious emails deceptively sent from an “account manager” at the United States Office of Personnel Management (OPM). Likely targeting individuals who were affected by, or simply aware of, the 2015 OPM data breach, the emails notified recipients of “suspicious movements” concerning a particular account and encouraged them to open a malicious attachment.
The attachments were loaded with Locky, a particularly nasty crypto ransomware variant. Once it infects a system, Locky encrypts data using AES encryption and then leaves a blackmail letter urging victims to pay a bitcoin ransom to get their data back. It even goes a step further by searching for any network shares and encrypting data on those remote shares as well.
There hasn’t been any indication that the attackers behind these emails were targeting OPM breach victims specifically. It’s likely that some of those victims will be reached by the attack simply because of the large number of people affected, but it’s also very likely that non-OPM victims have been targeted and deceived as well. Visit Nextgov for the full story.
For more information on Locky, read “New Crypto Ransomware in the Wild” or watch Corey Nachreiner’s Daily Security Byte on the topic. For more information on ransomware in general, check out “Decrypting Ransomware” by Marc Laliberte.
Photo: PC Magazine