Photo by rawpixel.com, From Freepik
Cyber Attackers Use Royal Mail Impersonation To Spread Ransomware
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
In a Rush? Here are the Quick Facts!
- Proofpoint revealed a ransomware campaign impersonating Royal Mail.
- Ransom demand for decryption was $400 in Bitcoin.
- Ransom designed for destruction rather than profit.
On Wednesday, Proofpoint researchers published a report uncovering a cyber campaign impersonating the British postal carrier, Royal Mail, to distribute Prince ransomware.
The Prince ransomware attack started with attackers impersonating Royal Mail, utilizing public contact forms on targeted organizations’ websites to send misleading emails. These emails contained a PDF that linked to a Dropbox-hosted ZIP file, luring victims into downloading it.
Inside the ZIP file was a second password-protected ZIP, along with a text file disclosing the password, which created a false sense of security for the victims.
Once opened, a shortcut file executed obfuscated JavaScript code that created several files in the system’s temporary directory. This code utilized PowerShell scripts to bypass security measures and establish persistence, running every 20 minutes while the computer was idle.
When the ransomware was executed, it encrypted victims’ files with a “.womp” extension and displayed a fake Windows Update splash screen to obscure its malicious activity.
A ransom note on the desktop demanded payment of 0.007 Bitcoins (around $400) for decryption. However, the analysis revealed that the ransomware had no decryption mechanism or data exfiltration capability, suggesting it was designed for destruction rather than profit.
Critically, there are no decryption mechanisms or capabilities for data exfiltration in this campaign, making it more destructive than typical ransomware. The lack of unique identifiers in the ransomware’s coding suggests that even if victims pay the ransom, there is no guarantee of file recovery.
Proofpoint did not attribute this malicious activity to any specific threat actor. The open-source nature of the Prince ransomware allows various actors to modify and deploy it freely. The creator, known as SecDbg, openly offers modifications for bypassing security measures, further complicating attribution efforts.
This incident underscores the evolving landscape of ransomware threats. Although such attacks typically do not originate directly from emails, the use of contact forms as a delivery method reflects a broader trend.
This is particularly concerning as postal services such as Royal Mail, UPS, and FedEx are regularly impersonated by malicious actors. Customers often receive fraudulent phone calls, text messages, and emails that seem to be official communications but are actually scams, as noted by The Record .
To help combat this issue, Royal Mail offers a useful list of common scams that exploit their brand .
Organizations are urged to train their employees to recognize suspicious communications and to report any anomalies to internal security teams. As cyber threats grow increasingly sophisticated, vigilance and education are key to preventing potential breaches.
Image from Freepik
Benefits Of Gaming For Professional Skill Growth
- Written by Kiara Fabbri Former Tech News Writer
- Fact-Checked by Justyn Newman Former Lead Cybersecurity Editor
In a Rush? Here are the Quick Facts!
- Gaming builds critical cognitive and emotional skills for workplace success.
- Video games improve memory and decision-making, valuable in hiring candidates.
- Employers should consider gaming experience in hiring for better performance.
A report published today by the Harvard Business Review (HBR) highlights how gaming can develop critical skills such as cognitive, social, and emotional intelligence, which are increasingly relevant to organizational success.
Traditionally viewed as a sign of disengagement, gaming is now being recognized for its ability to build skills that rival those developed through sports, volunteering, or other hobbies. According to the report, these skills are vital for navigating today’s fast-paced, complex work environments.
The report highlights the benefits of different types of games. Board games, for instance, encourage social interaction, cooperation, and competition.
Tabletop role-playing games (TTRPGs) like Dungeons & Dragons (D&D) build creativity, teamwork, and empathy. The HBR states that research shows that regular D&D players experience less anxiety, and greater emotional stability.
This challenges the stereotype of gamers as socially awkward introverts. In fact, gamers often score higher in emotional resilience and adaptability than non-gamers, as noted by the HBR.
Recent studies reveal that video games enhance cognitive skills like perception, attention, and multitasking. Gamers consistently demonstrate faster reaction times, improved spatial awareness, and stronger problem-solving abilities, which often translate into real-world tasks.
According to the HBR, video games also boost memory, decision-making, stress management, and resilience. The authors argue that these skills are increasingly valuable for workplace success
Additionally, a recent study reported a correlation between video game play and improved psychological well-being .
The article urges employers to reconsider their attitudes toward gaming. The HBR recommends asking job candidates about their gaming experience and how it might contribute to their work performance.
Additionally, incorporating gaming-related activities in the workplace, such as game nights or professional development based on gaming, could help destigmatize gaming culture. The HBR argues that normalizing gaming fosters inclusivity and enables organizations to identify and leverage the diverse skills that gaming can contribute to the workforce.
As AI and simulations gain traction in business, the report concludes that recognizing gaming’s value can unlock a diverse pool of talent equipped with vital skills for modern organizational challenges.
