New Ransomware Designed to Evade Machine-Learning Hits Konica Minolta Copier/MFP
IT-security firm Comodo Threat Intelligence Lab has reported that, last month, hackers began ransomware attacks that impersonate a Konica Minolta copier/MFP, infecting users’ PCs and encrypting their files, then demanding a ransom of between 0.5 and one Bitcoin (about $4,000 U.S.) to decrypt them. The attack is said to have evaded machine-learning and algorithm-based security tools.
Comodo calls this latest variant of “Locky” ransomware “IKARUSdilapidated,” and says the attack originated from hackers in Vietnam, Mexico, India, and Indonesia. Users in Southeast Asia, India, Europe, and the Americas are said to have been targeted, as well as users in Australia, New Zealand, and Indonesia.
Many of the attacks took the form of an email designed to mimic the messages generated by the Konica Minolta C224e, which users often use to scan a document and have the MFP email the scanned document to themselves. The email carried the subject line “Message from KM_C224e” and a malicious attachment. Other emails took the form of fake invoice statements, with subject lines reading “Status of invoice.”
Fatih Orhan, head of Comodo noted: “These types of attacks utilize both botnets of servers and individuals’ PCs, and new phishing techniques using social engineering for unsuspecting office workers and managers. This enables a very small team of hackers to infiltrate thousands of organizations and beat A.I. and machine learning-dependent endpoint protection tools, even those leading in Gartner’s recent Magic Quadrant.”
According to Comodo, this new wave of ransomware attacks used a botnet of zombie computers (usually connected to the network through well-known ISPs [Internet service providers]) to coordinate a phishing attack that sent the emails to victims’ email accounts.
Comodo stated that the emails include the scanner/printer model number of the Konica Minolta C224e, one of the most popular MFPs used in Europe, South America, North America, and Asia.
Comodo further states that two ransomware campaigns started on September 18, 2017 and appeared to have ended on September 21, 2017, but that similar attacks should be expected in the near future.
It also states that files encrypted in both September attacks carry a “.ykcol” extension and that the malicious “.vbs” files are distributed via email, indicating that the malware authors are “developing and changing methods to reach more users and bypass security approaches which use machine learning and pattern recognition.”
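The indicators the article names (the spoofed “Message from KM_C224e” and “Status of invoice” subjects, the “.vbs” attachments, and the “.ykcol” extension on encrypted files) are enough for a simple gateway and host check. The following is an added example written for this page, not code from the article or from Comodo. It assumes a constructed `key=value|key=value` mail-gateway log format, a hypothetical trusted scanner address (`scanner@corp.example`), and that a genuine scan-to-email job only ever attaches an image or PDF; the sample records are constructed, not real captures.

```python
"""Detection helpers for the scanner-themed Locky phishing wave described above.

Added example (not from the article or Comodo): scores constructed mail-gateway
records against the indicators the article names and flags files already
renamed with the .ykcol extension.
"""
import os
from dataclasses import dataclass

# Indicators quoted in the article
LURE_SUBJECTS = {"message from km_c224e", "status of invoice"}
SCRIPT_ATTACHMENT_EXTS = {".vbs"}  # the article names .vbs droppers
ENCRYPTED_EXT = ".ykcol"

# Assumption: a genuine scan-to-email job from the MFP attaches an image or PDF,
# never a script, and originates from a known internal device address.
SCAN_OUTPUT_EXTS = {".pdf", ".tif", ".tiff", ".jpg", ".jpeg"}
TRUSTED_SCANNER_SENDERS = {"scanner@corp.example"}  # hypothetical placeholder address


@dataclass
class MailRecord:
    sender: str
    subject: str
    attachments: list


def parse_log_line(line: str) -> MailRecord:
    """Parse one 'key=value|key=value' gateway record (constructed log format)."""
    fields = {}
    for part in line.strip().split("|"):
        key, _, value = part.partition("=")
        fields[key.strip()] = value.strip()
    attachments = [a for a in fields.get("attachments", "").split(";") if a]
    return MailRecord(fields.get("sender", ""), fields.get("subject", ""), attachments)


def _ext(name: str) -> str:
    return os.path.splitext(name)[1].lower()


def classify(record: MailRecord) -> list:
    """Return the indicator names matched by a record; an empty list means clean."""
    reasons = []
    subject = record.subject.strip().lower()
    exts = {_ext(a) for a in record.attachments}
    scanner_themed = subject.startswith("message from km_")
    if exts & SCRIPT_ATTACHMENT_EXTS:
        reasons.append("script-attachment")
    # A "scan" that did not come from the real device is spoofed whatever it carries
    if scanner_themed and record.sender.lower() not in TRUSTED_SCANNER_SENDERS:
        reasons.append("spoofed-scanner-sender")
    # A scanner mail whose payload is not a scan output is suspicious even without .vbs
    if scanner_themed and not exts <= SCAN_OUTPUT_EXTS:
        reasons.append("non-scan-attachment")
    # The known lure subject corroborates other hits but is not a hit on its own,
    # because the real scanner uses the same subject line
    if subject in LURE_SUBJECTS and reasons:
        reasons.append("known-lure-subject")
    return reasons


def find_encrypted_files(paths) -> list:
    """Files already carrying .ykcol: encryption has taken place on that host."""
    return sorted(p for p in paths if _ext(p) == ENCRYPTED_EXT)


def scan_log(lines) -> dict:
    """Map each flagged record to the list of indicators it matched."""
    hits = {}
    for line in lines:
        reasons = classify(parse_log_line(line))
        if reasons:
            hits[line] = reasons
    return hits


# Constructed sample records (not real captures)
SAMPLE_LOG = [
    "sender=scanner@corp.example|subject=Message from KM_C224e|attachments=SKMBT_C22417092112340.pdf",
    "sender=km_c224e@mail-relay.invalid|subject=Message from KM_C224e|attachments=KM_C224e_scan.vbs",
    "sender=accounts@supplier.invalid|subject=Status of invoice|attachments=invoice_4412.vbs",
    "sender=alice@corp.example|subject=Lunch tomorrow?|attachments=",
]

if __name__ == "__main__":
    for line, reasons in scan_log(SAMPLE_LOG).items():
        print(line, "->", ", ".join(reasons))
    print(find_encrypted_files(["Q3_report.docx.ykcol", "notes.txt"]))
```

The first sample record is a genuine scan (trusted sender, PDF attachment) and is left alone even though its subject matches the lure, which is the point of not treating the subject line as an indicator by itself; the second and third records are flagged on the script attachment, and the spoofed scanner mail is additionally flagged on its sender and payload type, so it would still be caught if a later wave swapped the .vbs for another non-scan file type.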
In the meantime, users should always be cautious about opening any suspicious email message, and extremely cautious about opening or downloading any files attached to those emails.