New GootLoader Campaign Targets Accounting, Law Firms
2022-01-13 15:04

Once prolific spreaders of REvil ransomware, the GootLoader malware gang has pivoted to actively targeting employees of law and accounting firms with malicious downloads.

The Threat Response Unit from eSentire issued an alert saying that over the past three weeks it had observed GootLoader attacks on three law firms and one accounting firm.

"The law firm employees tricked by the malicious agreements were searching for common legal filings including 'Post Nuptial Agreement,' 'Model IP Agreement' and 'Olympus Plea Agreement,'" according to the report.

The best way for accounting and law firms to protect their systems is to stop employees from downloading files from the web, the report added.

Law firms and accounting firms are prime targets for cyberattackers looking to capitalize on banking and other intensely sensitive data.

"All organizations, not just law firms and accounting firms, should have a vetting process for business agreement samples, gathered from the Internet, to ensure that they are not infected with malware," Keplinger advised. "Employees should also be aware that GootLoader comes as a JavaScript file. While it is often disguised as a document, right-clicking the downloaded file and clicking properties will show the real file type. Whenever downloading documents from the web, scripting files like .js, .ps1 and .cmd should never be executed."
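The file-type check described in the quote above can be automated across a downloads folder. The following is an added example, not code from the report or from eSentire: it flags files whose real extension is one of the three script types named in the quote, and notes when the name also carries a document-style extension in front of it. The `DOC_EXTS` list, the function names and the sample file names are assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional

# Script extensions named in the advisory quoted above.
SCRIPT_EXTS = {".js", ".ps1", ".cmd"}
# Assumption (not from the article): document extensions a lure might imitate.
DOC_EXTS = {".pdf", ".doc", ".docx", ".rtf", ".txt"}


def real_extension(name: str) -> str:
    """Return the final extension, lower-cased, after removing trailing
    dots and spaces (the Windows API strips these from file names)."""
    return Path(name.rstrip(". ")).suffix.lower()


def classify(name: str) -> Optional[str]:
    """Return the reason a file name is flagged, or None if it is not a script."""
    ext = real_extension(name)
    if ext not in SCRIPT_EXTS:
        return None
    stem = Path(name.rstrip(". ")).stem
    if Path(stem).suffix.lower() in DOC_EXTS:
        return f"script ({ext}) with document-style double extension"
    return f"script ({ext})"


def audit(folder: str) -> Dict[str, str]:
    """Map each flagged file name under `folder` to the reason it was flagged."""
    flagged = {}
    for _root, _dirs, files in os.walk(folder):
        for name in files:
            reason = classify(name)
            if reason:
                flagged[name] = reason
    return flagged


if __name__ == "__main__":
    # Constructed sample file names; none are taken from the report.
    samples = ["model_ip_agreement.js", "post_nuptial_agreement.pdf.JS",
               "invoice.pdf", "setup.cmd", "notes.ps1.txt"]
    with tempfile.TemporaryDirectory() as tmp:
        for s in samples:
            Path(tmp, s).write_text("placeholder")
        for name, reason in sorted(audit(tmp).items()):
            print(f"{name}: {reason}")
```

The check works on names only, so it complements, rather than replaces, content scanning of downloaded files.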


News URL

https://threatpost.com/gootloader-accounting-law-firms/177629/