RansomwareNewz Desk – Equifax And FedEx Are Fed Up


FedEx may have acquired Dutch shipping company TNT Express last year, but we here at the RansomwareNewz Desk have always wanted FedEx to merge with rivals UPS so they can re-name their company in line with how their parcel-less customers often feel – FedUp. 

Their employees look more happy with the news, though…

Joking aside, FedEx now have a much better reason to be fed up – the Memphis-based delivery company has revealed that this summer’s NotPetya ransomware attack (which used a Windows exploit stripped from an NSA leak) that affected newly acquired TNT Express may cost them a staggering $300 million.


From FedEx to Equifax now… Equifax have been making more headlines than corduroy pillows – even making it onto our old friend Stephen Colbert’s Late Show.

While not as impressive as Yahoo’s ONE BILLION USERS which were affected by a digital burglary Equifax’s data breach led to over 143 million people’s confidential information being stolen, including names, addresses, credit card, social security and driving license numbers. Equifax have quite rightly come under fire for waiting five weeks before reporting the hack.

But in the weeks since the Atlanta consumer credit reporting agency was hacked, things have only become worse – people who have frozen their credit files (and then had to pay Equifax for the privilege) have been issued with a PIN number by Equifax, only it isn’t really a PIN number at all – it’s a timestamp and for any hacker worth their salt, a PIN code made up from the MMDDyyHHmm format is a lot easier to hack into than a randomly generated, 10-digit number.

But that’s not all – Equifax tried to right their wrong, by setting up a help site for the one out of two American citizens affected – www.equifax2017, they set it up on a different domain server, which was then copied by phishing hackers at www.securityequifax2017.com – a move that even had Equifax’s own customer services directing customers to the fake, phishing site. If it wasn’t so serious, it would be funny.

If this isn’t a wake-up call to the digital security world, we don’t know what is, in the meantime, if you think you may be one of the one in two Americans affected by the Equifax breach, you can visit www.pleasestealmyidentitynow.com

And this just in… San Francisco’s City Attorney is suing Equifax on behalf of California’s 15 million residents who were affected by the hack.


Hot on the news that each episode of the final season of Game of Thrones will cost a staggering $15 million dollars, fifteen million isn’t the only thing that links the show to hacking and Ransomware.

You may remember that hackers leaked several episodes of season seven after gaining entry to HBO servers and demanding cold, hard cash to stop them from releasing them a week early. But it seems the show isn’t just popular with blackmailers, it’s also the preferred choice of the recent Locky Ransomware authors…

The group behind the Locky malware – whose distribution methods include exploit kits, Word/Excel attachments with malicious macros, DOCM attachments and zipped JS Attachments and uses RSA-2048 + AES-128 cipher with ECB mode to encrypt files – have punctuated their scripts with characters and references to the show within Visual Basic script that comes part of a ZIP or RAR archive attached to email spam.

If users open these emails, download the archive, and run the VB script contained within, the file would download and install the Locky ransomware.

Though their spelling leaves much to be desired, variable names found in this Visual Basic script reference “Aria,” “SansaStark,” “RobertBaration,” “JohnSnow,” or “HoldTheDoor” (Hodor)

We expect their next malware to include a cameo from Ed Sheeran. You’ll recognize it cos it will stick out like a sore thumb.


Notice how one common theme keeps popping up in most of our RansomwareNewz stories? Read through this article and you’ll spot two examples already – “Windows” and “Word and Excel attachments”. Well, there’s a good reason for that…

It’s because a whopping 99% of Ransomware targets Microsoft products. Yes, there are variants that attack your Mac and Linux systems, but Macs remain “virtually untouched” by the ransomware that was examined by one Threat Analysis Unit which analyzed more than 1,000 ransomware samples, categorizing them into 150 Ransomware families.

One can’t ignore the fact that Microsoft’s market share is much bigger than any other, especially in the business world, so that will affect the numbers but many of the ransomware attacks studied used trusted tools like Microsoft’s PowerShell to slip past antivirus software.

Microsoft promised to integrate some interesting security-related changes, including exploit protection into its Windows Defender software in Windows 10, which should help prevent viruses and malware from exploiting vulnerabilities.

Its latest September 25th, 2017 release – Windows 10, build 1703 (10.0.15063.632) sounds more like the Starship Enterprise registry number but it seems, just as Westeros needs a magic Wall to protect it from The White Walkers, Bill Gates needs to install some better gates… or a fire-and-ice wall.

We’ll be back with even more fabulous mixed metaphors next week! Until then, stay safe and wrap up warm as winter is coming.



  1. Pingback: Ransomware Newz
  2. Pingback: Ransomware Newz

Leave a Reply

Your email address will not be published. Required fields are marked *