Secplicity - Security Simplified

Powered by WatchGuard Technologies

OPM Breach Used as Bait in Phishing Campaign with Ransomware Payload

November 11, 2016 By The Editor

This week, cybersecurity firm PhishMe discovered tens of thousands of malicious emails deceptively sent from an “account manager” at the United States Office of Personnel Management (OPM). Likely targeting individuals who were affected by, or simply aware of, the 2015 OPM data breach, the emails notified recipients of “suspicious movements” concerning a particular account and encouraged them to open a malicious attachment.

The attachments were loaded with Locky, a particularly nasty crypto ransomware variant. Once it infects a system, Locky encrypts data using AES encryption and then leaves a blackmail letter urging victims to pay a bitcoin ransom to get their data back. It even goes a step further by searching for any network shares and encrypting data on those remote shares as well.

There hasn’t been any indication that the attackers behind these emails were targeting OPM breach victims specifically, so while it’s likely that some of those victims may be reached by the attack due to the large number of people affected, it’s also very likely that non-OPM victims have been targeted and deceived as well. Visit Nextgov for the full story.

For more information on Locky, read “New Crypto Ransomware in the Wild” or watch Corey Nachreiner’s Daily Security Byte on the topic. For more information on ransomware in general, check out “Decrypting Ransomware” by Marc Laliberte.

Photo: PC Magazine


Filed Under: Editorial Articles Tagged With: cyber security, Hacking, Infosec news, Malware, ransomware, Security breach
