The culprits responsible for Locky ransomware have begun using data obtained in the OPM data breaches of 2014 and 2015 in a new campaign designed to spread cryptoransomware. It remains unknown exactly how much data was obtained, however in total, around 22 million user records were stolen in the OPM breach.
Those whose email addresses were stolen in the OPM data breach are sent a forged notification that claims to have come from Eli Lucas, the OPM account manager. This email indicates that “the bank” has notified OPM of suspicious action on their account.
Victims of the OPM data breach have been informed that their data was stolen, therefore they are probably aware of a risk of a considerable risk of fraud. Unfortunately, as the email appears to be from within OPM, this may influence many employees to open the malicious file attachment as they might assume that the email is genuine.
Together with the use of spam filters, one of the most successful methods of avoiding infections is to provide employees with security awareness training. Receipt of a malicious email does not have to result in ransomware infection. Recipient users must open the emails and attachments to allow the ransomware to download to their devices. By offering them training, the end users should become more skilled at recognizing malicious emails that have bypassed spam filters and therefore know not to open attachments.
If end users took the time to stop and think about the email, they may become suspicious as to why the bank would be contacting an OPM account manager concerning the problem, as opposed to the individual account holder.
Although these flags may appear evident to most individuals that something is amiss, it must be remembered that it only takes one employee to mistakenly open and run the attachment for the ransomware to be installed. Should training not be provided to all employees via email and web security, scams of this nature could easily result in a ransomware infection that effects an entire network.