This is the Hut Six InfoSec Round-Up, where we look at some of the most pressing matters, latest trends, and industry news from across the world of information security.

This week we are looking at Zoom’s latest encryption update, a fake ransomware decryptor, and tax refund scams claiming yet more victims. Welcome to the Hut Six Infosec Round-Up.

Fake Ransomware Decryptor Targets Victims

Cyber criminals have published a fake ransomware decryption tool which doubly encrypts the data of unsuspecting victims with software known as Zorab.

The software, which purports to decrypt files affected by the STOP Djvu ransomware, is designed to mimic already publicly available software created by the company Emsisoft.

Though the STOP strain of ransomware may not be well-known, it is likely the most actively distributed ransomware of the past twelve months, which is perhaps why victims have been retargeted.

Brett Callow, a threat analyst at Emsisoft, has stated, “unfortunately, criminals often create fake versions of popular software in order to spread malware, and they have now created a fake version of our decryptor to do just that.”

Callow added, “running the fake tool will not recover data that was encrypted by STOP, it will actually encrypt it for a second time.”

With these new tactics emerging, users who have been affected by ransomware are advised to be particularly careful and, as with downloading any software or executable file, to be wary of its origin and understand how it may affect their data.

Zoom Announces New Policy on End-to-End Encryption

The newly crowned Monarch of video conferencing, Zoom, has announced it will be providing end-to-end encryption to users, though only to those who pay.

In what has been something of a meteoric rise, Zoom has faced a good deal of criticism regarding the platform’s security. With Zoom-bombing entering into the vocabulary, as well as dubious claims about encryption, the platform has now announced a move to make encrypted chats available to paid users.

Against the backdrop of the ongoing discussion regarding unbreakable encryption in consumer communication tools, Zoom CEO Eric Yuan has stated that free users will not be offered the same features, as “[Zoom] also wants to work together with [the] FBI” with cases of criminal activity.

Though the announcement has been met with criticism from some, users seem undeterred, with the platform now hosting as many as 300 million daily users, a 2900% increase since December.

HMRC Phishing Campaign Targets Self-Employed

It has been reported that a flurry of SMS phishing texts has been sent to self-employed workers in the UK.

Following the announcement of an extension to the Self-Employment Income Support Scheme (SEISS), around 100 workers have received messages, purportedly from HMRC, telling them that they are eligible for a tax refund.

The link contained within redirects users to a scam website, which prompts them to input their official HMRC log-in details.

With the number of phishing emails reported to Her Majesty’s Revenue and Customs skyrocketing to over 42,000 in March alone, HMRC continues to reiterate that it will never email, text or message individual taxpayers to offer a rebate or refund.

As of 5th June, the UK’s Action Fraud has reported that victims of coronavirus-related scams have now lost upwards of £5 million.

With the victims numbering 2,204 individuals, authorities continue to warn the public to be particularly wary of phishing emails.

Thank you for reading this edition of Infosec Round-Up. Please be sure to subscribe to the Hut Six YouTube Channel to keep up to date with the latest news and see all our latest information security videos.