The security review: Locky, Mumblehard takedown and Facebook scams

Welcome to this week’s security review, which includes an in-depth look at how the ransomware dubbed Locky is infiltrating computer systems.

Welcome to this week’s security review, which includes an in-depth look at how the ransomware dubbed Locky is infiltrating computer systems.

Welcome to this week’s security review, which includes an in-depth look at how the ransomware dubbed Locky is infiltrating computer systems.

The past seven days of security have also seen the takedown of the Mumblehard Linux botnet, the addition of end-to-end encryption by WhatsApp and a massive data breach in Turkey which could affect more than half of the country’s population. Meanwhile, ESET senior research fellow David Harley answers six important questions related to vulnerabilities, exploits and patches.

Analysis of the Locky infection process

ESET’s Diego Perez delivered a timely analysis of Locky, explaining in detail how this malicious type of ransomware “infiltrates computer systems and hijacks data”. What tends to happen, he explained, is that victims receive an email with what looks to be a normal attachment. However, embedded in this is a trojan, detected by ESET solutions as Win32/Filecoder.Locky.

Mumblehard takedown stops army of Linux servers from spamming

Mublehard spam

One year after ESET released its technical analysis of the Mumblehard Linux botnet, it is no longer active. Working in cooperation with the Cyber Police of Ukraine and the CyS Centrum LLS, ESET was able to tackle the botnet, and all spamming activities have been ceased since February 29th, 2016.

Vulnerabilities, exploits and patches

How would you explain the importance of patching so your grandma can understand it? ESET senior research fellow David Harley offers an expert answer to this, plus five more important questions that concern vulnerabilities, exploits and patches.

Buying Ray-Bans? Don’t fall for this Facebook scam


A new wave of Facebook scams are attempting to lure in victims with the temptation of discounted sunglasses. Cybercriminals are posting spam ads to the social network via hacked Facebook accounts, promoting fake Ray-Bans with discounts as high as 90%. “On top of the possibility of losing a few dollars on counterfeit goods, victims’ payment card details are at risk,” says ESET’s Lukas Stefanko.

50 million Turkish citizens could be exposed in massive data breach

It was reported that more than half of the Turkish population may have been affected by a huge data breach. A database leaked by unnamed attackers is said to include as many as 50 million records, including addresses, parents’ first names, cities of birth, birth dates, and national identifier numbers used by the Turkish government.

US and Canada issue ransomware alert

ransomware encryption

Following a recent increase in ransomware attacks, the Department of Homeland Security (DHS) in the US and the Canadian Cyber Incident Response Centre (CCIRC) felt compelled to issue a new alert to warn members of the public of this growing threat. Both organizations said that there has been a proliferation in such attacks, as cybercriminals are wisening to the fact that it can be very profitable.

Trump Hotel Collection suffers data breach

The Trump Hotel Collection has been the victim of another data breach, according to security expert Brian Krebs. While the attack is still under investigation, the researcher reported that some, if not all, of the properties that form the collection could be affected. The hotel chain, which belongs to the Republican presidential candidate Donald Trump, was previously attacked between May and June 2015.

WhatsApp adds end-to-end encryption for its one billion users


WhatsApp became the latest major company to pursue tougher encryption technology, announcing the addition of end-to-end encryption for its one billion users. The Facebook-owned messaging app said that all messages, including texts, calls, videos, voice messages, and files, will be end-to-end encrypted by default, meaning only the sender and recipient(s) will be able to access them.

Sign up to receive an email update whenever a new article is published in our Ukraine Crisis – Digital Security Resource Center