Spora – Ransomware


The ransomware is distributed via spam emails and uses a combination of RSA and AES encryption. The ransomware continues to evolve and has also been circulating as a fake Chrome font pack that is distributed via compromised websites.

How do you protect yourself?

Avoid opening spam emails, and do not download suspicious free files from sites you don’t trust.

 

CVE-2017-11826

 


Microsoft Office 2010, SharePoint Enterprise Server 2010, SharePoint Server 2010, Web Applications, Office Web Apps Server 2010 and 2013, Word Viewer, Word 2007, 2010, 2013 and 2016, Word Automation Services, and Office Online Server allow remote code execution when the software fails to properly handle objects in memory.

How do you protect yourself?

Make sure your software is fully patched. As long as you have the latest security updates installed, you should be protected from this vulnerability.

 

SamSa – Ransomware

 


SamSa is not launched via user-focused attack vectors such as phishing campaigns and exploit kits. This family appears to be distributed by compromising servers and using them as a foothold to move laterally through the network and compromise additional machines, which are then held for ransom. A particular focus appears to have been placed on the healthcare industry.

How do you protect yourself?

Make sure that your servers are running the latest patched software and are monitored by a firewall.