Ransomware attacks prompt warnings to House members
Members of the U.S. House of Representatives and staffers received warnings that the House network has received a rise in attempted ransomware attacks.
Members of the US House of Representatives and staffers received warnings that the House network has received a rise in attempted ransomware attacks. A House aide told SCMagazine.com staffers received warnings last week of the ransomware attacks.
The phishing emails contained encrypted attachments containing ransomware as zip file e-mail attachments, according to a TechCrunch report, citing an email warning to House members. “The recent attacks have focused on using .js files attached as zip files to e-mail that appear to come from known senders,” the email stated.
Senate staffers have not received warnings of similar attacks, a Senate aide told SCMagazine.com.
“It's an extremely difficult task to mitigate,” Trustwave threat intelligence manager Karl Sigler said, speaking with SCMagazine.com. Social networks make your contacts extremely available.” He said public personalities are especially at-risk, because they have a vast public trail of information that attackers can use to create sophisticated attacks.
“It is not surprising that Capitol Hill is being targeted, what is surprising is that it hasn't happened sooner. The FBI's InfraGard and Secret Services Electronic Cyber Crime Tasks Force have been warning and educating organizations about these attacks for well over a year,” wrote Jerry Irvine, CIO of Prescient Solutions and a member of the U.S. Chamber of Commerce's Cybersecurity Leadership Council. “Companies should create temporary directories for attachments to open in within their email systems to assure ransomware or other malware cannot make it to the core network.”
“People are well aware of phishing scams, yet they fall for the trap very often, wrote A. N. Ananth, CEO of automation and enterprise SIEM provider EventTracker, in an email to SCMagazine.com. “For any organization, ‘Securing the human' is probably the most difficult part of any security endeavor.”
“There unfortunately are not many good solutions,” Trustwave's Sigler said.