Sage Ransomware Distinguishes Itself with Engaging User Interface and Easy Payment Process

In early 2017, the Sage ransomware distinguished itself with a fresh take on the business model for criminal ransomware operations. Built with an engaging, intuitive user interface for requesting the ransom payment, it also reinforced the fact criminals are willing to invest in developing new versions of established ransomware tools.  Sage has reasserted itself as a relevant player on the already-saturated ransomware threat landscape with version 2.2.

Fake Swiss Tax Administration Office Emails Deliver Retefe Banking Trojan

PhishMe®’s Phishing Defence Centre has observed multiple emails with a subject line that includes a reference to tax declarations in Switzerland (Original subject in German: “Fragen zu der Einkommensteuerklaerung”) as shown in Figure 1. The sender pretends to be a tax officer working for the tax administration (Eidgenoessische Steuerverwaltung ESTV) and is asking the victim to open the attached file to answer questions about the tax declaration.

Locky or TrickBot? Depends Where You Are. Malicious Payload Delivery Tailored by Geographic Location

BY NEERA DESAI AND VICTOR CORNELL

It is not uncommon for threat actors to deploy malicious payloads from multiple malware families during a single phishing campaign. These malware tools may include ransomware, a financial crimes trojan, or other botnet malware. However, it is not as common for those attackers to deploy different malware tools based upon the geographic location of their victim.