
New Canadian ransomware campaign shows how attacks are tailored: Sophos

There's a large-scale ransomware attack going on this week with attackers using a phony Bank of Montreal template to lure victims into clicking on a malicious attachment, says Chester Wisnewski, a Vancouver-based senior security advisor at Sophos Inc.

He knows because he got one of the messages in his email as he was heading to Las Vegas on Monday for the security vendor's annual partners conference.

"Literally as I got on the plane I got what looked like a BMO phish, and in fact it was ransomware," he said in an interview. "It was amazing how well crafted it was because the Web site booby-trapped with the exploit is literally a carbon copy of the BMO online login landing page."

He also recently received a phony message purporting to be from Quebec Internet and cable provider Videotron.

These are timely example that illustrates a SophosLabs ransomware, blackmail Self-propagating ransomware is coming, warns report

Patching and updates are crucial, he said. For example, the latest versions of Microsoft Office are better at stopping document malware — for example, giving admins the ability to disable macros in documents that came from the Internet. Similarly, Windows 10 is more secure than Win 7, he said. Using a sandbox and Web filtering are also useful, he added.

The report also said researchers have found different ransomware strains target specific locations. For example, versions of CryptoWall predominantly hit victims in the U.S., U.K., Canada, Australia, Germany and France. TorrentLocker has attacked primarily the U.K., Italy, Australia and Spain, while TeslaCrypt homed in on the U.K., U.S., Canada, Singapore and Thailand.

Sophos also said its customer data shows that while Western countries are highly targeted for malware, less developed countries show higher attacks or infections. For example, nations with what Sophos calls a high threat exposure rate (infections/attackers per 1,000 Sophos endpoints) include Algeria (30.7 per cent), Bolivia (20.3 per cent), Pakistan (19.9 per cent) and China (18.5 per cent) and India. Nations ranked with the lowest TER include France at 5.2 per cent, Canada at 4.6 per cent, Australia, and the U.K.

Wisnewski suspects computer users in countries with the higher TER don't update or patch their systems as often as those in other countries.

Separately Sophos released a report on Microsoft Office exploits found in Q4 2015, which said that — again —