
The attack in Benešov was preceded by tripled cryptovirus activity

Systems in the Benešov hospital collapsed today. The cause was a cryptovirus attack, which was preceded by increased attack activity.

December 11, 2019


You can read in all the Czech media today that the Benešov hospital has collapsed and all devices are offline. The network was hit during the night by a cryptovirus that made all laboratory instruments inoperative.

This attack was preceded by a huge increase in cryptovirus activity in e-mails. We saw a 300% increase during the night. The email campaign consisted of a variety of false orders and invoices in English. Similar activity is recorded almost permanently, but not to such a high degree.

Common subjects from this campaign are:

  • PAYMENT CONFIRMATION
  • Urgent Quotation
  • CONTRACT TERMINATION
  • Boleto referente a taxa de R $ ....
  • NEXT SHIPMENT
  • Purchase Order # .......
  • DHL AWB DOC-INV
  • SOB ADVICE AGAINST
  • Letter of Intent ...

The campaign is very effective and bypasses common spam filters, because attackers do not use botnets (networks of infected computers), but actual user email accounts.

If a user has a weak password, or reuses the same password on another service that has been compromised, the attackers are able to log in and send dangerous email messages from that mailbox. Unfortunately, entire databases of email login credentials can be easily purchased online.

An e-mail sent in this way comes with a valid SPF record, sometimes even with a valid DKIM signature. This means that, from the spam filter's point of view, it is a message that has all the essentials, and so it reaches the victim's mailbox.
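The filtering consequence of the point above, as an added example that is not part of the original post: a triage rule in which a passing SPF or DKIM result never lowers the verdict for a message whose subject matches the campaign's lures. The function names, the three verdicts and the `mx.example` authserv-id are assumptions made for illustration, and the messages are constructed samples.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Subject lures from the campaign list above, matched case-insensitively.
LURE_RE = re.compile(
    r"payment confirmation|urgent quotation|contract termination|boleto referente"
    r"|next shipment|purchase order\s*#|dhl awb|sob advice|letter of intent", re.I)
AUTH_RE = re.compile(r"\b(spf|dkim)=(\w+)", re.I)

def auth_results(msg):
    """Collect spf/dkim verdicts from Authentication-Results headers (RFC 8601)."""
    # In production, trust only the header stamped by your own gateway.
    found = {"spf": "none", "dkim": "none"}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in AUTH_RE.findall(header):
            found[method.lower()] = result.lower()
    return found

def triage(raw):
    """Hypothetical policy: return 'quarantine', 'review' or 'deliver'."""
    msg = message_from_string(raw)
    auth = auth_results(msg)
    lure = bool(LURE_RE.search(msg.get("Subject", "")))
    attach = any(p.get_content_disposition() == "attachment" for p in msg.walk())
    if lure and attach:
        # SPF/DKIM prove which server and domain sent the mail, not that the
        # mailbox owner wrote it, so a pass does not rescue this message.
        return "quarantine"
    if lure or auth["spf"] != "pass":
        return "review"
    return "deliver"

def sample(subject, attach, auth="mx.example; spf=pass; dkim=pass"):
    """Build a constructed test message; all values here are made up."""
    m = EmailMessage()
    m["Subject"] = subject
    m["Authentication-Results"] = auth
    m.set_content("Please see the attached document.")
    if attach:
        m.add_attachment(b"constructed placeholder", maintype="application",
                         subtype="octet-stream", filename="order.doc")
    return m.as_string()

if __name__ == "__main__":
    print(triage(sample("Purchase Order # 4471", True)))   # authenticated lure
    print(triage(sample("Minutes from Tuesday", True)))    # authenticated, no lure
```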

Unfortunately, our long-term experience suggests that the state of IT in some organizations that fall under critical infrastructure is deplorable in terms of security. We notice a long-term lack of funding, a lack of conceptual management and a shortage of personnel. The infrastructure is then not ready to resist these threats.

E-mail filtering in organizations is being boycotted by users or management. They argue that they would rather weaken filtering to deliver all emails - including spam. This is as flawed as deliberately reducing the quality of your antivirus solution so that it doesn't accidentally bother users.


Company

Excello s.r.o

CRN: 27444899

VAT number: CZ27444899

Prague, Czechia
