Malspam Campaign attacks German organizations with Buran ransomware


As of October 2019, researchers have discovered a malicious spam (malspam) campaign targeting German organizations that delivers the Buran crypto-ransomware family. The emails are crafted to appear to come from the online fax service eFax.

Public reporting indicates that Buran malspam campaigns began on 13 September 2019, which is corroborated by metadata found in the emails and Microsoft Word documents. The campaign on 1 October 2019 then imitated the brand of eFax, an online fax service. German organizations were targeted with an email that appeared to come from eFax and a Word document in German.

Technical Details

On opening the mail, the user is presented with a hyperlink which, if clicked, directs the user to a PHP page that contains the malicious Word document. The document contains a Visual Basic for Applications (VBA) macro which, when enabled, downloads the malicious executable.

On activation, the Buran ransomware performs the following tasks (Sc.Itssecure.com):

• Sends an HTTP GET request to hxxp://geoiptool[.]com in order to determine the location of the victim machine.
• Copies itself to another directory and renames itself to “Isass.exe” in order to evade detection by the security solutions in place.
• Uses a command shell to establish persistence.
• Modifies the Windows registry's Run key so that “Isass.exe” is executed every time someone logs into the machine.
• Disables services such as Windows Event Log and Windows Error Recovery and Automatic Repair.
• Deletes any backups made by the Volume Shadow Copy Service (VSS).
• Upon completion of the encryption process, displays a ransom note containing the instructions the victim needs to follow in order to decrypt their files.
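As an added example (not from the original post or the reporting it cites), the behaviours listed above can be correlated per host in endpoint telemetry, so that several of them together raise an alert while any single one does not. The event schema, the command-line patterns and the threshold of three behaviours are assumptions, and the sample events are constructed.

```python
import re
from collections import defaultdict

# (event field, pattern) per behaviour from the list above. The command-line
# patterns are assumptions: the post names behaviours, not exact commands.
RULES = {
    "geoip_lookup": ("detail", re.compile(r"geoiptool\.com", re.I)),
    # Image named like the LSASS binary but running outside System32.
    "masquerade": ("image", re.compile(r"^(?!c:\\windows\\system32\\).*\\[il]sass\.exe$", re.I)),
    "run_key": ("detail", re.compile(r"\\CurrentVersion\\Run\\.*[il]sass\.exe", re.I)),
    "eventlog_off": ("detail", re.compile(r"\bsc(\.exe)?\s+config\s+eventlog\s+start=\s*disabled", re.I)),
    "recovery_off": ("detail", re.compile(r"\bbcdedit\b.*recoveryenabled\s+no\b", re.I)),
    "vss_delete": ("detail", re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|shadowcopy\s+delete", re.I)),
}

def correlate(events, threshold=3):
    """Return {host: sorted behaviours} for hosts showing >= threshold distinct ones."""
    seen = defaultdict(set)
    for ev in events:
        for name, (field, pattern) in RULES.items():
            if pattern.search(ev.get(field, "")):
                seen[ev["host"]].add(name)
    return {h: sorted(b) for h, b in seen.items() if len(b) >= threshold}

# Constructed sample events (host names, paths and value names are made up).
SAMPLE = [
    {"host": "WS-014", "image": r"C:\Users\anna\AppData\Roaming\Isass.exe",
     "detail": "GET http://geoiptool.com/"},
    {"host": "WS-014", "image": r"C:\Windows\System32\reg.exe",
     "detail": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater = C:\Users\anna\AppData\Roaming\Isass.exe"},
    {"host": "WS-014", "image": r"C:\Windows\System32\cmd.exe",
     "detail": "cmd.exe /c vssadmin delete shadows /all /quiet"},
    {"host": "WS-014", "image": r"C:\Windows\System32\cmd.exe",
     "detail": "cmd.exe /c bcdedit /set {default} recoveryenabled no"},
    # Benign: the real LSASS, and a backup admin pruning one shadow copy.
    {"host": "SRV-02", "image": r"C:\Windows\System32\lsass.exe", "detail": ""},
    {"host": "SRV-02", "image": r"C:\Windows\System32\vssadmin.exe",
     "detail": "vssadmin delete shadows /for=D: /oldest"},
]

if __name__ == "__main__":
    for host, behaviours in correlate(SAMPLE).items():
        print(host, behaviours)
```

Requiring several distinct behaviours keeps routine administration, such as the single shadow-copy deletion on the second constructed host, below the alert threshold.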

These types of malspam ransomware campaigns lead to disruption of business-critical operations, loss of sensitive and confidential data, and financial loss to the organization. Such ransomware keeps surfacing and can lead to the decline of an organization, so organizations should take active measures to protect themselves from such attacks. They should build strong cybersecurity with updated systems and software and invest in employee training programs to make staff aware of malspam, phishing, and other threats.

Belgian and German MasterCard data breach




The European unit of MasterCard Inc. has formally informed the Belgian and German data protection regulators about a data breach from the company's Priceless Specials loyalty program.

The customer data available on the internet includes names, payment card numbers, email addresses, home addresses, phone numbers, gender, and dates of birth.

The card company alerted the watchdog about the breach on Aug. 19 and said the episode would have affected thousands of people, “a significant portion” of them from Germany.

After the discovery of the data leak, Mastercard suspended Priceless Specials Germany and took down its website. The message posted on the website says: "This issue has no connection to MasterCard's payment network."

"We have received a lot of questions and complaints since the announcement of this incident, we want to reassure users: we have contacted MasterCard in order to get additional information, and are following this case closely together with the Hessian data protection authority and all the other possible concerned authorities," says David Stevens, Chairman of the Belgian Data Protection Authority.

According to Heise Media reports, Excel spreadsheets containing 90,000 and 84,000 rows of data were distributed on the internet.

"On August 21, 2019, we became aware that the second file of personal information was published on the Internet. We are working to remove them as well."