Another Ukrainian company gets hacked: hint of Petya.A Part 2?

by Lucia Danes - - 2017-08-24

Companies fail to ensure cyber security

Companies should reconsider their cyber security policies

It seems that there is hardly any “calm” or at least “ordinary” day when it comes to cyber space. While NotPetya/Petna.A developers identity remains to be a mystery, a recent hack of M.E.Doc rival’s Crystal Finance Millennium (CFM) might imply that the second wave of global ransomware outbreak is coming. Is it really so?

Website hacked, breach ceased

Comparing the two cases, it seems that CMF was much better prepared than the former company (if we suppose that M.E.Doc accidentally ignored security warnings). On August 18, news broke out about Crystal Finance Millennium main website hacked^[1] hacked. Luckily, no further damage was inflicted.^[2]

Further investigation revealed that the compromised website servers sent out spam emails with load.exe file which downloads Purge ransomware version also called Purgen. Other cyber security researchers have identified that the executable file loads Zbot banking trojan.

There are also opinions that the fraudulent file attracts Chthonic banking trojan.
On the overall, it turns out to be an ordinary malware campaign rather than another major ransomware outbreak. No new crypto-malware traffic is detected except PSCrypt malware which has been spotted roaming in Ukraine earlier.

The season of malware spam heats up

It seems that the end of summer signifies the very peak of online spam season. The HBO data breach which resulted in Game of Thrones new series getting leaked is one of the illustrating cases. What is more, recently their social media accounts have been compromised by hackers introducing themselves as OurMine.^[3]

Additionally, FBI warns about a major boost in W-2 spam campaign which attempts to wheedle out users’ social security data^[4]. Furthermore, recently WannaCry attracted media attention as LG company self-service kiosks’ in South Korea were infected with a supposed version of the malware. Failure to update the networks seemed to be the fatal mistake.

Companies need to brace cyber security

Recent hack accidents again remind companies that they need extra attention and human resources to identify and fix security flaws. Since malware developers diversify their victims’ list, no company is safe from their target. What is more, the surprisingly foolish mistakes to update the systems despite continuous suggestions and warnings to do so raises frustration if not suspicions. Whether you are a company employee or an ordinary user, keep in mind to:

update cyber security software
use VPN to secure your internet connection
install OS updates once they are out
do not click any attachments without verifying the sender’s identify

About the author

Lucia Danes - Virus researcher

Lucia is a News Editor for 2spyware. She has a long experience working in malware and technology fields.

Contact Lucia Danes
About the company Esolutions

References

^ Costin Raiu. The Crystal Finance Millennium website in Ukraine has been hacked and distributing malware since at least August 18.. Twitter. Online source for communication and news.
^ Catalin Cimpanu. Ukraine Fears Second Ransomware Outbreak as Another Accounting Firm Got Hacked. BleepngComputer. News, reviews, and tech support.
^ HBO social media hacked in latest cyber security breach. BBC News.
^ FBI warns of spreading W-2 email theft scheme. ChicagoTribune. Chicago breaking news.