Ransomware Group Targets Financial Firms with Phishing Scheme

For well over five years, the Russian-based ransomware group, who call themselves TA505, have been perpetrating massive email attacks against various industries around the globe. It appears they are now targeting the financial industry.

The group has now fine-tuned its signature malware and scripting languages, therefore going on the attack. They have currently been targeting corporations such as North American banks, credit unions and various other financial firms. The attacks come as an email phishing campaign dubbed “MirrorBlast.” With MirrorBlast, users are directed to a fraudulent site where financial service industry (FSI) employees may accidentally download malware onto their corporate computers or other devices.

“FSIs are much better prepared than most other types of businesses to thwart ransomware attacks,” Ivan Tsarynny, CEO and co-founder of Toronto-based Feroot, a client-side security vendor says. “This means lots of internal cybersecurity training, strong passwords, enterprise-wide multi-factor authentication, well-defined vulnerability and patch management strategies, and more. Ransomware is one of dozens of attack vectors.”

However, TA505, though dormant for a while, is basically a sleeping giant that is not to be messed with. The group is believed to have caused more than $100 million in losses over the past few years, according to the U.S. Treasury Department. Additionally, it isn’t just US FSIs under attack. According to a recent report from Morphisec, financial organizations across Canada, Europe and Asia, have also been in their sights.

Nonetheless, to really make an impact, ransomware attacks must hit the server. Yet attacks like these tend to come in through the client side, according to Tsarynny. “Criminals don’t have to use traditional server-side attacks like phishing or ransomware attacks to collect FSI customer data. They can skim the information from banking websites and web applications from the user’s browser… A ransomware or client-side attack might drive customers to switch [institutions] in droves.”

Ransomware is increasingly pervasive and is only one of many growing attacks against FSIs. Online criminals can make a quick buck without very much effort. That’s why here at Vital Integrators, we strive to make your business as protected as possible. Reach out today to get your systems locked down!