Aggressive Malware Threats In Circulation

Some bad malware hombres are out there, and we’ve got the scoop on each of them right here for you.

  • Herbalife or “copier” file Locky variant ransomware

Summary – As of 9/19, Barracuda Advanced Technology Group is monitoring an aggressive new ransomware threat. It arrives as an email from a spoofed sender with a subject of “Herbalife” or a reference to a “copier” file delivery. Victims who pay the ransom will reportedly not receive a decryptor. See Barracuda’s blog for examples of how these emails might look. Barracuda researchers have confirmed that this attack uses a Locky variant with a single identifier. Normally the identifier lets the attacker tell victims apart, so that when a victim pays the ransom the attacker can send that victim the matching decryptor. In this attack, every victim gets the same identifier, so victims who pay the ransom will not get a decryptor because the criminal cannot tell which victim has paid.

How to protect against this threat: Be aware of the red flags associated with this particular malware and avoid opening any emails with either of these references. Also, always be sure you’re following solid email security best practices, including:

  • Assessing the basic ‘legitimacy’ of an email (Any odd grammar or misspellings in the email, or in the company name itself? Do any included links or graphics actually point to a seemingly unrelated website?)
  • Not clicking on links within the email (copy and paste any provided links into a new browser window instead)
  • Not downloading any files

We provide more helpful information on this tip sheet you can print out and share with your staff and colleagues.


  • Red Alert 2.0

Summary – A malicious banking Trojan that affects Android users. This malware has been distributed over the past few months through third-party app stores; it harvests personal credentials, steals contact details and uses a range of techniques that make it a significant threat to Android users. More here.

How to protect against this threat: Ensure you avoid third-party app stores and only download software for your Android device from the Google Play Store.


  • NotPetya virus update

Summary – This strain of attack, which hit companies in Ukraine and Europe this summer, froze users’ computers, encrypted their files and demanded a ransom of $300 in bitcoin to regain access. Researchers found that data can be deleted regardless of whether victims paid the ransom. The pain and costs of recovering from this kind of attack are extreme.

How to protect against this threat: Be sure you’ve assessed your security risk and are comfortable with your company’s current security posture. If you would like assistance with getting a snapshot of your current security outlook, always feel free to reach out to us.
More information on this attack can be found here.