Week 22 in review

08.06.2021 - Last week, the number of incidents reported to the NCSC was low. There was good news for victims of Avaddon ransomware: the "No More Ransom" project published a decryption tool for this ransomware. Another noteworthy item was a fake competition spread via WhatsApp in which people could apparently win a Rolex watch. In addition, the NCSC received reports of a new tactic in fake support calls: instead of a phone call, victims received an email asking them to call back, ostensibly to update their Norton virus protection.

Current statistics

Reports per week during the last 12 months

Last week's reports by category

Hope for those affected by Avaddon ransomware

Avaddon ransomware has been active since June 2020. As well as encrypting and stealing data, the software specialises in deleting as many backups and shadow copies as possible, and even the data in the victim's electronic trash. This makes it virtually impossible for the victims to restore their data after it has been encrypted.

The "No More Ransom" project, in which Europol's European Cybercrime Centre (EC3) is involved, has now published a decryption tool which makes it possible to restore data that has been encrypted by the ransomware.
Initiative website:
https://www.nomoreransom.org/en/decryption-tools.html

However, data encryption is only part of the ransom attack. The perpetrators behind Avaddon also threaten to publish the data, and have even set up a dedicated website. If the victim is unwilling to pay, they threaten to launch a denial of service (DoS) attack to paralyse the victim's infrastructure.

As ransomware attackers now specialise in not only encrypting data but also threatening to publish the data, the NCSC recommends that the victims should proactively inform all their partners whose data has been, or might have been, affected. Obviously, this also applies to customer data. The NCSC strongly recommends that the ransom should not be paid, as there is no guarantee that the data will not be passed around anyway. Moreover, another ransom attack at a later date cannot be ruled out. You should also take precautions to fend off a denial of service attack. You can find tips and information on dealing with ransomware and DDoS attacks on the NCSC website.


Fake Rolex competition sent via WhatsApp

Last week, the NCSC received numerous reports of a competition in which people could apparently win a Rolex watch. The corresponding link is spread via WhatsApp. 

WhatsApp message

When they follow the link, users are routed to a webpage where they have to answer a series of questions in order to win a Rolex watch. The participants can then choose a gift from a selection of nine. The first attempt always fails, but everybody gets a second chance, and then they all miraculously win a Rolex.

Homepage of supposed competition

To receive their watch, the victims are told to click on the green WhatsApp button (see screenshot). This generates a new WhatsApp message containing the fraudulent link that the victims are now supposed to forward to a contact. They have to do this 20 times.

Link that generates a WhatsApp message

Once the WhatsApp messages have been sent, the victims are routed to other fraudulent websites, ultimately leading to a subscription scam.

Because the victims themselves forward the message via WhatsApp, it reaches countless potential victims without the fraudsters needing to do anything. This increases the chances of more people falling victim to the subscription scam. However, it is important to note that with this pyramid scheme the fraudsters have no idea to whom the WhatsApp message has been sent.

If this message has been forwarded to you, we strongly recommend that you warn the sender. In general, you should never forward links from questionable sources. When you are on social media, do not follow any links that you have not requested or which have been forwarded to you without comment.

Fraudsters are using a new method for fake support calls

Recently, emails have been sent to Norton virus protection subscribers asking them to update their protection by calling a phone number. When they phone the number, which has a US dialling code, the fraudsters attempt to gain control of the victim's computer and steal bank data.

Never give strangers access to your computer.

Last modification 08.06.2021

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/wochenrueckblick_22.html