New malware blackmailing companies and stealing IP
4 December 2014
Alert Priority: Low
The FBI has reportedly issued a flash warning to companies in the United States about a new form of malware that cripples hard drives and threatens to steal their intellectual property (IP).
While few details of the warning are available, the release follows a recent reported attack on the systems of Sony Pictures Entertainment in the US.
There is no evidence that the reported malware is being used to target companies and individuals in Australia. Nevertheless, if you maintain corporate IP, financial data or sensitive employee information on hard drives, you should check your security tools, ensure your backups are up to date, and ask employees to review and limit the amount of sensitive personal data, such as banking details, that they save in files or emails.
Targeted threats precede theft of data and destruction of hard drives
The new malware reportedly overwrites data on computer hard drives and makes it impossible to restart affected devices afterwards. It also shuts down email communications. Recovering data on hard drives attacked by the malware can be difficult and costly, if not impossible.
Reuters reported that the initial attack originated from an organisation calling itself #GOP, or Guardians of Peace. Employees reportedly experienced unprompted messages from #GOP on corporate devices, followed by unrecoverable crashes.
Small businesses should be on the alert for any unusual messages that are flashed on-screen during device startups, in particular messages that contain a specific threat to your commercial interests. Employees should be asked to report any spam email, or electronic communication, that makes coercive threats against company executives.
Potential risks include leaking of company data, communication systems going offline—including email—and Twitter accounts being hijacked.
Types of information that may be threatened by this malware include:
sensitive commercial information, including finance and accounting information and contracts
PDF files containing confidential employee information, including credit card details and passport pages, and
logins and passwords to company and third-party sites.
The appearance of new malware should act as a reminder to all businesses to keep their information security practices under constant, or comprehensive periodic, review. IT and network administrators should ensure that security tools are up to date, that data is backed up regularly, and that corporate policies extend to employee-owned devices that are used for work purposes.
Employees should be asked to periodically change the passwords they use for work activities. They should also be asked to consider whether sensitive personal data, for example banking details, is stored anywhere in work emails or on work hard drives. If so, they should consider deleting files or emails that are not essential to day-to-day working activities.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.