Ransomware Masked as Rockwell Update

nhatsen · Jul 7, 2016

A known rule is that you should never open an attachment which seems suspicious... especially if the attachment is Allenbradleyupdate.zip:

http://www.isssource.com/ransomware-masked-as-rockwell-update/

Rockwell Automation has learned about the existence of a malicious file called ‘Allenbradleyupdate.zip’ that is being distributed on the Internet. This file is NOT an official update from Rockwell Automation, and we have been informed that this file contains a type of ransomware malware...

dmroeder · Jul 7, 2016

Jeez, they are relentless with that stuff. I suppose it's an easy money maker, probably easier than trying to steal credit card or bank info.

I had a guy that I work with bring me his laptop which was infected with ransomware, a couple of years ago. I was able to fix it the first time without too much trouble. The 2nd time I couldn't. Lucky for him he was diligent about keeping backups. Now days it sounds like they are a lot more sophisticated.

jraef · Jul 7, 2016

My wife just got one on her email last night, telling her that Google was going to delete all of her photos unless she installed a new "Google.zip" file attached to the email. LUCKILY she asked me about it first! However the only reason she bothered asking me was because she remembered that we use Amazon's photo service, not Google's. I had to re-emphasize to her about NEVER opening attachments to emails unless you specifically ASKED for them from someone.

dmroeder · Jul 7, 2016

jraef said:
My wife just got one on her email last night, telling her that Google was going to delete all of her photos unless she installed a new "Google.zip" file attached to the email. LUCKILY she asked me about it first! However the only reason she bothered asking me was because she remembered that we use Amazon's photo service, not Google's. I had to re-emphasize to her about NEVER opening attachments to emails unless you specifically ASKED for them from someone.

I ended up switching my folks over to Linux due to their willingness to open anything in an email. Time and time again I would tell them assume that anything in an email is bad, but they don't always get it. "But it said that I had a virus so I had to click it".

rdrast · Jul 8, 2016

It is a slight bit of a pain, but both here at work, and at home, I have email rules that auto-delete any email with a .ZIP attachment.

trentg@felixconstruc · Jul 8, 2016

VMWare or any other virtual box has proven to be a life saver when it comes to these situations.

Phil Buchanan · Jul 8, 2016

rdrast said:
It is a slight bit of a pain, but both here at work, and at home, I have email rules that auto-delete any email with a .ZIP attachment.

I do the exact same and if someone needs to send me a file I have them do it via Hightail or Dropbox.

Peter Nachtwey · Jul 8, 2016

dmroeder said:
I ended up switching my folks over to Linux due to their willingness to open anything in an email. Time and time again I would tell them assume that anything in an email is bad, but they don't always get it. "But it said that I had a virus so I had to click it".

This is what my father does. Parents shouldn't be trusted with anything more complicated than a Chrome Book or iPad. Something that can't be screwed up.

nhatsen · Sep 14, 2016

FYI

TN799091 Claims of ransomware masquerading as an Allen-Bradley Update (Access Level Everyone):

https://rockwellautomation.custhelp.com/app/answers/detail/a_id/799091/page/1

cjd1965 · Sep 14, 2016

Peter Nachtwey said:
This is what my father does. Parents shouldn't be trusted with anything more complicated than a Chrome Book or iPad. Something that can't be screwed up.

Yep. My 73 yr old dad could hardly turn on a PC but loves his ipad

robertmee · Sep 14, 2016

I got one today that spoofed my company's own domain server....It was from "[email protected]"...It spoofed the return address, header, hop path...hard to discern that it wasn't from me, other than I know I have no email called accounting. It had the message "Just received this from the IRS" and a IRS.DOC attachment.

Fortunately, I use mailwasher, so emails don't even get pulled into outlook without me approving them. I blasted that one right off network solutions server.

GTUnit · Sep 15, 2016

dmroeder said:
I ended up switching my folks over to Linux due to their willingness to open anything in an email. Time and time again I would tell them assume that anything in an email is bad, but they don't always get it. "But it said that I had a virus so I had to click it".

Lol, like my mom. Every few months these is an issue and my free tech support line gets a call and there is a bunch of whining on the other line.

*sigh*

Ransomware Masked as Rockwell Update

nhatsen

Member

dmroeder

Lifetime Supporting Member

jraef

Member

dmroeder

Lifetime Supporting Member

rdrast

Lifetime Supporting Member

trentg@felixconstruc

Member

Phil Buchanan

Lifetime Supporting Member

Peter Nachtwey

Member

nhatsen

Member

cjd1965

Lifetime Supporting Member

robertmee

Lifetime Supporting Member

GTUnit

Member

Similar Topics