InfoSec Round-Up: June 12th 2020

Play Video

Tax Refund Scams, Zoom Encryption and Fake Ransomware Decryptor

This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

This week we are looking at. Zoom’s latest encryption update, a fake ransomware decryptor and tax refund scams claim yet more victims. Welcome to the Hut Six Infosec Round-Up.

Fake Ransomware Decryptor Targets Victims

Cyber criminals have published a fake ransomware decryption tool which doubly encrypts the data of unsuspecting victims with software known as Zorab.

The software, which purports to decrypt files affected by the STOP Djvu ransomware, is designed to mimic already publicly available software created by the company Emsisoft.

Though the STOP strain of ransomware may not be well-known, it is likely the most actively distributed ransomware of the past twelve months, which is perhaps why victims have been retargeted.

Threat analyst at Emsisoft, Brett Callow has stated “unfortunately, criminals often create fake versions of popular software in order to spread malware, and they have now created a fake version of our decryptor to do just that.”

Callow added, “running the fake tool will not recover data that was encrypted by STOP, it will actually encrypt it for a second time.”

With these new tactics emerging, users who have been affected by ransomware are advised to be particularly careful, and as with downloading any software and executable files, be wary of their origin and understand how they may affect your data.

Zoom Announces New Policy on End-to-End Encryption

The newly crowned Monarch of video conferencing, Zoom, has announced it will be providing end-to-end encryption to users, though only to those who pay.

In what has been something of a meteoric rise, Zoom has faced a good deal of criticism regarding the platform’s security. With Zoom-bombing entering into the vocabulary, as well as dubious claims about encryption, the platform has now announced a move to make encrypted chats available to paid users.

Contextualized by the ongoing discussion regarding unbreakable encryption in consumer communication tools, Zoom CEO Eric Yuan has stated that free users will  not be offered the same features as “[Zoom] also wants to work together with [the] FBI” with cases of criminal activity.

Met with criticism from some, users seem undeterred, with the platform now hosting as many as 300 million daily users, a 2900% increase since December.

HMRC Phishing Campaign Targets Self-Employed

It has been reported that a flurry of SMS phishing texts have been sent to self-employed workers in the UK.

Following the announcement of an extension to the Self-Employment Income Support Scheme (SEISS), around 100 workers have received messages, purportedly from HMRC, telling them that they are eligible for a tax refund.

The link contained within, redirects users to a scam website which prompts users to input their official HMRC log-in details.

With the amount of phishing emails reported to Her Majesty’s Revenue Customs skyrocketing to over 42,000 in March alone, HMRC continues to reiterate they will never email, text or message individual taxpayers to offer a rebate or refund.

As of 5th June, the UK’s Action Fraud has reported that victims of coronavirus-related scams have now lost upwards of £5 million.

Amounting to 2,204 individual victims, authorities continue to warn the public to be particularly wary of phishing emails.

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.

Security Awareness for your Organisation

Enjoyed our blog? Learn more about how Hut Six can help improve you security awareness with training and simulated phishing. Start a free trial now, or book a meeting with one of our experts.


How to improve your password security

How Secure is Your Password Process?

How Secure is your Password Process? Password security blog from Information Security Awareness Training provider Hut Six Security.

Data Protection Act Updates to Coverage

Who Does the Data Protection Act Apply To?

Who Does the Data Protection Act Apply to? Blog by Information Security Awareness Training and phishing simulator provider Hut Six Security

InfoSec Round-Up: June 5th 2020

InfoSec Round-Up: June 5th 2020 - Hut Six

REvil Ransomware, Apple Bug Bounty & UK Gov Contact Tracing – Infosec Round-Up, June 5th 2020

Social Engineering Methods

Why Social Engineering Works

What Social Engineering Methods do attackers use to get your personal information? Blog by Information Security Awareness Training provider Hut Six Security

Data Protection by the Numbers

What Year Was the Data Protection Act Introduced?

What Year Was the Data Protection Act Introduced? Blog by Information Security Awareness Training provider Hut Six Security.

InfoSec Round-Up: May 29th 2020

InfoSec Round-Up: May 29th 2020 - Hut Six

GitLab Phishing, Red Cross Cybersecurity, and easyJet Lawsuit - Infosec Round Up, May 29th 2020

Data Protection Principles

How Does the Data Protection Act Protect your Rights?

How Does the Data Protection Act Protect your Rights? Blog by information security awareness training provider Hut Six Security.

Ransomware Explained

How a Ransomware Attack Works

Knowing how a ransomware attack works is the key to avoiding them and the damage they can pose to your organisation. Blog by Hut Six Security.

Hut Six Staff Snippets: Handling Sensitive Information

Hut Six Staff Snippets: Handling Sensitive Information - Hut Six

Luke talks about his favourite Information Security tutorial, Handling Sensitive Information. Information Security video by Hut Six Security.

InfoSec Round-Up: May 22nd 2020

InfoSec Round-Up: May 22nd 2020 - Hut Six

Cryptomining hijack, EasyJet Hack and NHS Failing audits - InfoSec Round-Up, May 22nd 2020