Fake Telenor Ransomware Campaign

Today, a malicious email campaign was launched, targeting Norwegian entities. We have seen a large number of these malicious emails addressed to our employees, customers and partners, and we advise you not to interact with this email.


The email visually appears to be from Telenor, with the subject line “Faktura Fra Telenor Norge AS, Mobil”. It has a payment date in the near future (10th of February), which is there to cause stress so you don’t think twice before clicking the links. The links will, however, send you to a malicious site, which aims to infect your computer with ransomware. The ransomware will encrypt any file it has write access to (even on open shared file systems), and then demand payment in order to make the files readable again.

To better secure your organisation against these types of threats, we advise you to read our article on the subject, which can be found here: Basefarm Ransomware Information

Further information about this specific attack:
Telenor Twitter
Dinside

BF-SIRT Newsletter 2017-05

This week’s top stories include police arresting the suspected hacker who hacked the ‘Hacking Team’, and over 70% of Washington DC’s CCTV being hacked before the Trump inauguration.

You can also read that police arrested 5 cyber thieves who stole 3.2 million from ATMs using malware, and that ransomware hijacked hotel smart keys to lock guests out of their rooms.

Top 5 Security Links
Police Arrested Suspected Hacker Who Hacked the ‘Hacking Team’
Over 70% of Washington DC’s CCTV Were Hacked Before Trump Inauguration
Police Arrest 5 Cyber Thieves Who Stole 3.2 Million From ATMs Using Malware
Ransomware Hijacks Hotel Smart Keys to Lock Guests Out of their Rooms
Radio Stations Hacked to Play “F**k Donald Trump” on Repeat Across the Country

BF-SIRT Newsletter 2017-03

This week’s top stories include an investigation into who Anna-Senpai, the Mirai worm author, is, and how a billion-dollar hacker gang is now using Google services to control its banking malware.

You can also read that 123456 is still the world’s most popular password and how to crash anyone’s iPhone or iPad with a simple Emoji text message.

Top 5 Security Links
Who is Anna-Senpai, the Mirai Worm Author?
Billion-Dollar Hacker Gang Now Using Google Services to Control Its Banking Malware
Just give up: 123456 is still the world’s most popular password
You Can Crash Anyone’s iPhone Or iPad With A Simple Emoji Text Message
Don’t Fall For This Dangerously Convincing Ongoing Phishing Attack

BF-SIRT Newsletter 2017-02

This week’s top stories include GoDaddy revoking 8951 certificates issued without proper domain validation, and how browser autofill profiles can cause information leakage.

You can also read about the Google Infrastructure Security Design and how to hijack broken nameservers to compromise a target.

Top 5 Security Links
Cracking The 12+ Character Password Barrier, Literally
A data breach investigation blow-by-blow
SHA-1 Migration Status
Why Key Transparency is useful
Solving the SANS 2016 Holiday Hack Challenge

BF-SIRT Newsletter 2017-01

This week’s top stories include a 2016 retrospective by Troy Hunt and “A year in infosec: Bears, botnets, breaches … and elections”. You can also read about how Android tops the 2016 vuln list with 523 bugs, and “Be Prepared: The Top ‘Social Engineering’ Scams Of 2017”.

Top 5 Security Links
Deleted Data Is Still There, On Your Disk
MongoDB databases under attack worldwide
Project Zero calls out Kaspersky AV for SSL interception practices
Deprecation of Insecure Algorithms and Protocols in RHEL 6.9
Class Breaks