Beware of Fake Outlook Troubleshooting Calls that Ends Up In Ransomware Deployment

A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls. To protect yourself from fake Outlook troubleshooting scams, always verify the caller’s identity, as legitimate companies like Microsoft will not contact you unexpectedly for issue resolution. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news. Cyber Security News is a Dedicated News Platform For Cyber News, Cyber Attack News, Hacking News & Vulnerability Analysis. By understanding how these attacks work and following best security practices, individuals can significantly reduce their risk of falling victim to ransomware and other malicious schemes. The scam involves a malicious binary named CITFIX#37.exe, which is masquerading as a legitimate tool derived from the Sysinternals Desktops utility. The malware installation process show how the attackers use these fake certificates to deceive users into trusting the software. Cybersecurity researchers at Deutsche Telekom CERT noted that the scam begins with a call from individuals claiming to be from Microsoft or another reputable tech company. This binary is signed with fake digital certificates, making it appear legitimate at first glance. Once installed, the malware can lead to ransomware deployment, encrypting the user’s files and demanding payment in exchange for the decryption key. Tushar is a Cyber security content editor with a passion for creating captivating and informative content. These calls, designed to appear legitimate, ultimately lead to the deployment of ransomware on the victim’s system. Once the user grants access to their computer, the attackers download and install the CITFIX#37.exe malware. Keeping your antivirus software up to date ensures better protection against emerging threats, while regularly backing up your data can help prevent loss in case of an attack. Instead, it uses malicious code signers such as Cascade Tech-Trek Inc., AM MISBAH Tech Inc., and KouisMoa MegaByte Information Technology Co., Ltd.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 17 Feb 2025 08:35:08 +0000

Cyber News related to Beware of Fake Outlook Troubleshooting Calls that Ends Up In Ransomware Deployment

Beware of Fake Outlook Troubleshooting Calls that Ends Up In Ransomware Deployment - A sophisticated cyber threat has emerged in recent weeks, targeting unsuspecting users with fake Outlook troubleshooting calls. To protect yourself from fake Outlook troubleshooting scams, always verify the caller’s identity, as legitimate ...
3 days ago Cybersecuritynews.com

Microsoft fixes Outlook Desktop crashes when sending emails - Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts. These problems were first reported on Microsoft's community website and other social networks by customers saying they were ...
1 year ago Bleepingcomputer.com

Microsoft: Outlook clients not syncing over Exchange ActiveSync - Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. Exchange ActiveSync is an Exchange synchronization protocol using HTTP and XML to let users ...
1 year ago Bleepingcomputer.com

Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com

Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com

Medusa Ransomware Turning Your Files into Stone - Unit 42 Threat Intelligence analysts have noticed an escalation in Medusa ransomware activities and a shift in tactics toward extortion, characterized by the introduction in early 2023 of their dedicated leak site called the Medusa Blog. The Unit 42 ...
1 year ago Unit42.paloaltonetworks.com

The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com

Microsoft fixes connection issue affecting Outlook email apps - Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. More details on how to use app passwords with apps without two-step verification support can be found in this support ...
1 year ago Bleepingcomputer.com

Microsoft Outlook December updates trigger ICS security alerts - Microsoft is investigating an issue that triggers Outlook security alerts when trying to open. ICS calendar files after installing December 2023 Patch Tuesday Office security updates. The company also revealed that the security warning will be ...
1 year ago Bleepingcomputer.com

Ransomware Roundup - On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the ...
1 year ago Feeds.fortinet.com

Declining Ransomware Payments: Shift in Hacker Tactics? - Several cybersecurity advisories and agencies recommend not caving into ransomware gangs' demands and paying their ransoms. It seems the tide is turning, with a decline in ransomware payments; this article explores the trend and what it might mean ...
1 year ago Securityboulevard.com

Ransomware trends and recovery strategies companies should know - Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in ...
1 year ago Helpnetsecurity.com

Akamai discloses zero-click exploit for Microsoft Outlook - While examining a previous bypass mitigation, Akamai Technologies discovered two new Windows vulnerabilities that could allow an attacker to create a zero-click exploit against Microsoft Outlook clients. In a two-part report published Monday, Akamai ...
1 year ago Techtarget.com

KubeCon 2023: Securing Software Delivery and Deployment - Gopal Dommety: So Mitch, we started OpsMX with the vision to fully automate and secure software delivery. Gopal Dommety: And so we provide a deployment firewall. They tend to have large deployments, Fortune 10 kind of customers, that's what OpsMx. ...
1 year ago Securityboulevard.com

The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com

Ransomware in 2023 recap: 5 key takeaways - This provides the best overall picture of ransomware activity, but the true number of attacks is far higher. While some ransomware trends hardly changed over the last year, such as LockBit's continued dominance, ransomware criminals also challenged ...
1 year ago Malwarebytes.com

Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
1 year ago Bleepingcomputer.com

How ransomware gangs are engaging - As ransomware gangs continue to market themselves as legitimate businesses complete with customer service representatives, new research from Sophos showed that threat actors are expanding public relations efforts to further pressure victims into ...
1 year ago Techtarget.com

Key Group uses leaked builders of ransomware and wipers | Securelist - The first discovered sample of Key Group, the Xorist ransomware, established persistence in the system by changing file extension associations. The .huis_bn extension added to encrypted files in the early versions of Key Group samples, Xorist and ...
4 months ago Securelist.com

The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com

The Week in Ransomware - Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. On Tuesday, the Australian, US, and UK governments announced sanctions against Aleksandr Gennadievich ...
1 year ago Bleepingcomputer.com

Ransomware's Impact May Include Heart Attacks, Strokes & PTSD - First-order harms: Direct targets of ransomware attacks. The increasing convergence of IT and OT leave physical infrastructures more vulnerable to ransomware, even though most ransomware operators lack the capability to directly compromise OT or ...
1 year ago Techrepublic.com

Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
11 months ago Bleepingcomputer.com

The Week in Ransomware - This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. That does not mean there was nothing of interest released this week about ransomware. A report by CISA said that the ...
9 months ago Bleepingcomputer.com

Latest Cyber News

Fedora Linux Kernel Vulnerability Let Attackers Gain Access to Sensitive Data - 15 minutes ago
Multiple NVIDIA CUDA Toolkit Vulnerabilities Let Attackers Trigger DoS - 29 minutes ago
Microsoft Power Pages 0-Day Vulnerability Exploited in the Wild - 55 minutes ago
APT-C-28 Group Launched New Cyber Attack With Fileless RokRat Malware - 56 minutes ago
Microsoft Admin Guide to Block & Remove Apps on Endpoints - 1 hour ago
AWS Key Hunter - A Free Automated Tool to Detect Exposed AWS keys - 1 hour ago
Symantec Diagnostic Tool Vulnerability Let Attackers Escalate Privileges - 1 hour ago
NSA Added New Features to Supercharge Ghidra 11.3 - 2 hours ago
New NailaoLocker ransomware used against EU healthcare orgs - 2 hours ago
Ghost Ransomware Compromised Organisations Across 70+ Countries - 2 hours ago
Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges - 6 hours ago
Citrix NetScaler Vulnerability Allows Unauthorized Command Execution - 8 hours ago
Australian Infrastructure Faces 'Acute' Foreign Threats - 8 hours ago
Critical Microsoft Bing Vulnerability Let Attackers Execute Code Remotely - 9 hours ago
Hackers Weaponize Jarsigner App To Execute XLoader Malware - 9 hours ago
New Snake Keylogger Attacking Chrome, Edge, and Firefox Users - 10 hours ago
Insight Partners, VC Giant, Falls to Social Engineering - 11 hours ago
Russian Groups Target Signal Messenger in Spy Campaign - 12 hours ago
CVE-2023-51303 - 13 hours ago
CVE-2025-25196 - 13 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Fedora Linux Kernel Vulnerability Let Attackers Gain Access to Sensitive Data - 15 minutes ago
Multiple NVIDIA CUDA Toolkit Vulnerabilities Let Attackers Trigger DoS - 29 minutes ago
APT-C-28 Group Launched New Cyber Attack With Fileless RokRat Malware - 56 minutes ago
Microsoft Power Pages 0-Day Vulnerability Exploited in the Wild - 55 minutes ago
Microsoft Admin Guide to Block & Remove Apps on Endpoints - 1 hour ago
AWS Key Hunter - A Free Automated Tool to Detect Exposed AWS keys - 1 hour ago
Symantec Diagnostic Tool Vulnerability Let Attackers Escalate Privileges - 1 hour ago
NSA Added New Features to Supercharge Ghidra 11.3 - 2 hours ago
New NailaoLocker ransomware used against EU healthcare orgs - 2 hours ago
Ghost Ransomware Compromised Organisations Across 70+ Countries - 2 hours ago
Content Credentials Show Promise, But Ecosystem Still Young - 14 hours ago
Windows Disk Cleanup Tool Vulnerability Exploited to Gain SYSTEM Privileges - 6 hours ago
Citrix NetScaler Vulnerability Allows Unauthorized Command Execution - 8 hours ago
Australian Infrastructure Faces 'Acute' Foreign Threats - 8 hours ago
Critical Microsoft Bing Vulnerability Let Attackers Execute Code Remotely - 9 hours ago
Hackers Weaponize Jarsigner App To Execute XLoader Malware - 9 hours ago
New Snake Keylogger Attacking Chrome, Edge, and Firefox Users - 10 hours ago
CVE-2025-26466 - 2 days ago
CVE-2024-45775 - 1 day ago
CVE-2024-45776 - 1 day ago