Security News

MedusaLocker ransomware freezes files around the world

Avast Security News Team, 25 October 2019

Plus, authorities bust a €10M BEC scam, hackers prove that Alexa and Google Home are vulnerable, and a cybercrook who compromised the Superior Court system gets sentenced.

Researchers have identified a new strain of ransomware that is spreading around the globe. Bleeping Computer reported that MedusaLocker, as the new strain is called, was first observed in September 2019 and has been steadily infecting more computers every day, though its methods of infection remain unknown. Once it infiltrates a machine, MedusaLocker systematically runs through a checklist of commands to render the machine as vulnerable as possible and to optimize the ransomware’s hold over the data. First, it ensures that it has access to all drives connected to the system, then it shuts down any active security measures, and finally it wipes clean any existing file backups. After that prep, it scans the drives for files to ransom and proceeds to encrypt them. When it’s finished, the ransomware sleeps for sixty seconds, then scans anew for more files to encrypt. MedusaLocker also programs a scheduled task to run the ransomware every thirty minutes so that it stays active. A ransom note, riddled with grammatical mistakes, is placed in every folder containing encrypted files. Instead of stating the financial demand, the note lists two email addresses which the user is prompted to message in order to purchase a decryptor. The note even suggests the user attach one encrypted file to the message, so the attackers can return it decrypted to the user in a gesture meant to prove the decryption key exists. Researchers continue to study MedusaLocker, and it is still unknown whether or not its encrypted files can in fact be decrypted. 

Suspects arrested in Spain for international BEC scam

A three-year international effort investigating a prolific business email compromise (BEC) scam has led to the arrest of three individuals in Spain, with a fourth brought in for questioning. The suspects range in age from 34 to 67. ZD Net reported that the perpetrators of this latest scam have swindled at least ten million euros from the victimized organizations. Twelve companies across ten countries have reportedly succumbed to the attack, which used phishing techniques to pose as upper management demanding a funds transfer. To appear more convincing, attackers drafted the phony messages using company letterhead and branding. The complicated money laundering part of the scheme consisted of 83 fake companies and 185 bank accounts. So far, 1.29 million euros have been recovered in the “Lavanco operation,” as the investigation is called, a collaborative undertaking that involves Europol, Interpol, the FBI, and other law enforcement agencies. “This is great news because unlike other forms of cybercrime, there is no software to protect you from BEC. That’s why it’s a real threat to companies,” commented Avast Security Evangelist Luis Corrons. “The only way to end this form of crime is to arrest the criminals, which is happening now and hopefully will continue in the future.”

This week’s quote

“Security is a never-ending journey.” - statement made by Apple regarding recent iOS security problems. Learn more about new threats facing Mac users today.

Malicious apps prove smart speakers can be compromised

White hat hackers have shown the world that Alexa and Google Home can be manipulated for malicious purposes through third-party apps, Ars Technica reported. The hackers developed eight apps – four for Alexa and four for Google Home. The apps posed as horoscope readers and, in one case, a random number generator, but the hackers planted malware in each of them to either eavesdrop or phish for passwords. All of the apps carried out their shadow operations successfully. The eavesdropping apps recorded users without their knowledge and sent the audio back to the command and control center, which was the white hat hackers base. The phishing apps, when activated, falsely informed users that there was an error, and then went silent, intending to fool users into thinking the app closed. A moment later, the app used a soundalike voice of either the Alexa or Google Home official voice to tell users that an upgrade to the device was available, followed by a request for their passwords to permit the upgrade. After proving these ruses worked, the hackers took down the apps and shared their entire process with Amazon and Google. Both companies removed the apps from their stores and vowed to strengthen their app review processes so that similar apps never get approved. “Home voice assistants are becoming more popular,” said Corrons, “and research efforts like this help in different ways. First, it helps vendors fix and fortify their products before cybercriminals are able to find and exploit these issues. And second, it helps consumers become aware of the risks associated with being more and more connected everyday.”

This week’s stat 

According to the latest cybersecurity research, enterprises today face a 400% increase in phishing URLs. Read more to learn how IT managers are dealing with this and other threats.

Texas man gets 12 years for hacking Superior Court

The Associated Press reported that a 33-year-old Katy, Texas resident was sentenced to twelve years in federal prison for hacking into the Los Angeles County Superior Court computer system in 2017 and using it to send two million phishing emails. The two-part phishing scam began with the infiltration of just one email account in the court system. Using that account, the attacker then phished the credentials of hundreds of other email accounts from court workers. The second part of the plan entailed using all the compromised court system accounts to send two million phishing emails to intended targets. The emails posed as notices from American Express, Wells Fargo, and other companies to trick users into divulging their banking and credit card information.

This week’s ‘must-read’ on The Avast Blog

Meet Michal Pechoucek, Avast’s new CTO.  Learn why he believes artificial intelligence is both the biggest threat and the biggest opportunity for cybersecurity – and why he’d like to spend time with the Dalai Lama.


Avast is a global leader in cybersecurity, protecting hundreds of millions of users around the world. Protect all your devices with our award-winning free antivirus. Safeguard your privacy and encrypt your online connection with SecureLine VPN. Get advertisers off your back and disguise your online identity for greater privacy with Avast AntiTrack.