This article just tickles me. It's one thing when the city tells us that they're investigating the incident to determine whether it was ransomware, the fact that they don't know for sure, and that they'll keep us updated.
I think that’s great.
Then they claim that a sophisticated actor was involved and that an employee downloaded a zip file.
How can a sophisticated actor be involved when it started with the employee downloading the fucking file to begin with?
The paragraph mentioning this said:
Mayor Ginther stated that the attackers were “an established, sophisticated threat actor operating overseas,” though no specific threat group names or other information were given.
A different paragraph states:
Today, Columbus Navigator reports that hackers accessed the City’s internal network after an employee downloaded a ZIP file from a website.
When I think of sophisticated attacks, I think of someone who went through my blog, got into the network through some vulnerability that way, somehow got to the firewall to then look at various things, locked me out of my site(s) and caused a bunch of havoc. That's sophisticated.
It doesn't take any sophistication for someone to send me an email, tell me whatever they want to tell me in the mail message, and for me to open the zip file and infect myself so someone can gain access. That isn't fucking sophistication. That's stupidity.
First, I'd run the file through either Malwarebytes, VirusTotal, or a combination of the two, since that's what I have here.
I could in theory also run it through Windows Defender (otherwise known to us as decrapper) to see if it "knew" anything about it.
If anything yelled at me, then I'd know better.
If nothing yelled at me, I’d still probably not run it, because we’ve talked about these types of attacks before.
If you need a reminder of these, please ask, and I’ll give you some real email samples I’ve had.
In fact, I’ll show you one very old one now.
Subject: EAWB Notification
From: "DHL Express" <>
Date: 8/23/2022, 7:20 PM
To: Recipients <>

Dear Customer,
Attached copy of Label AWB & Shipment Receive for AWB Number : 9284730932
If you have any questions or need further assistance, please call +62 21 2953 7200 or email:
Kind regards,
DHL Express
Please do not reply to this email.

Attachments:
AWB_NO_#9284730932.rar 723 KB
VirusTotal yelled at me about this, as well as two other similar emails.
If anyone can guess what’s wrong with this email, you win!
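As an added illustration (this is not the post's own code, and the message it parses is a constructed sample modelled on the DHL lure above, not the real email), here is a short Python script that does the same first pass a careful recipient would do before ever opening an attachment: read the raw message, flag the things that are visibly wrong with it (a sender and a recipient with no actual address, a generic "Dear Customer" greeting, an archive attachment), identify the attachment by its leading bytes rather than its file name, and compute its SHA-256 so it can be looked up on VirusTotal by hash. The attachment bytes are just a RAR signature and the "723 KB" size from the post is not reproduced; the check names and the `triage` function are my own.

```python
"""Offline triage of a suspicious e-mail with an archive attachment.

Added example, not code from the original post. SAMPLE_EML is a constructed
message modelled on the DHL-themed lure quoted in the post; its headers,
body text and attachment bytes are made up for this demonstration.
"""
import email
import hashlib
import re
from email.utils import parseaddr

# Constructed attachment: only the RAR4 magic bytes, not a real archive.
SAMPLE_ATTACHMENT = b"Rar!\x1a\x07\x00"

# Constructed raw message (base64 below decodes to SAMPLE_ATTACHMENT).
SAMPLE_EML = b"""From: "DHL Express" <>
To: Recipients <>
Subject: EAWB Notification
Date: Tue, 23 Aug 2022 19:20:00 -0400
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

Dear Customer,
Attached copy of Label AWB & Shipment Receive for AWB Number : 9284730932
If you have any questions or need further assistance, please call +62 21 2953 7200
Kind regards,
DHL Express
--b1
Content-Type: application/octet-stream; name="AWB_NO_#9284730932.rar"
Content-Disposition: attachment; filename="AWB_NO_#9284730932.rar"
Content-Transfer-Encoding: base64

UmFyIRoHAA==
--b1--
"""

# Container formats commonly used to smuggle an executable past mail filters.
ARCHIVE_EXTS = {".zip", ".rar", ".7z", ".iso", ".img", ".gz"}
# Leading bytes of common containers, so a renamed file cannot lie about its type.
MAGIC = {b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip", b"7z\xbc\xaf\x27\x1c": "7z"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def vt_lookup_url(sha256: str) -> str:
    """Hash lookup page; looking up a hash does not upload the file to anyone."""
    return "https://www.virustotal.com/gui/file/" + sha256


def identify(data: bytes) -> str:
    """Best-effort container type from the first bytes, ignoring the file name."""
    for sig, kind in MAGIC.items():
        if data.startswith(sig):
            return kind
    return "unknown"


def triage(raw: bytes) -> dict:
    msg = email.message_from_bytes(raw)
    findings = []

    # A real carrier writes from a mailbox, to your mailbox. "<>" is neither.
    for hdr in ("From", "To"):
        _, addr = parseaddr(msg.get(hdr, ""))
        if "@" not in addr:
            findings.append(f"{hdr.lower()}_has_no_address")

    body = ""
    attachments = []
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            name = part.get_filename() or ""
            data = part.get_payload(decode=True) or b""
            ext = ("." + name.rsplit(".", 1)[-1].lower()) if "." in name else ""
            attachments.append({
                "filename": name,
                "size": len(data),
                "type": identify(data),
                "sha256": sha256_hex(data),
            })
            if ext in ARCHIVE_EXTS:
                findings.append("archive_attachment")
        elif part.get_content_type() == "text/plain":
            body += part.get_payload(decode=True).decode("utf-8", "replace")

    # A mass lure has no name, account or tracking detail that is actually yours.
    if re.match(r"\s*dear\s+(customer|user|client|sir/madam)\b", body, re.I):
        findings.append("generic_greeting")

    return {"findings": findings, "attachments": attachments}


if __name__ == "__main__":
    report = triage(SAMPLE_EML)
    for f in report["findings"]:
        print("FLAG:", f)
    for a in report["attachments"]:
        print(a["filename"], a["type"], a["size"], "bytes")
        print("  look up:", vt_lookup_url(a["sha256"]))
```

Two points worth keeping in mind when using this. Looking up the hash is preferable to uploading the file, because an upload hands the sample (and anything personal inside it) to the vendor and everyone with a paid feed. And a clean hash lookup only means nobody has submitted that exact file yet; a freshly packed archive will not be known, which is exactly the case the post describes when it says it would still not run the file even if nothing yelled.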
If you live in Columbus, please read "Columbus investigates whether data was stolen in ransomware attack" for the full details.