Cyber Security Today, Feb. 25, 2022 – A new ransomware strain found, watch for double backdoors, a new sextortion tactic and more

A new ransomware strain found, watch for double backdoors, a new sextortion tactic and more

Welcome to Cyber Security Today. It’s Friday, February 25th. I’m Howard Solomon, contributing reporter on cybersecurity for

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts


A new ransomware strain has been spotted. Researchers at Sophos have dubbed it Entropy. The significant thing I found in the report was how the attackers first got into victims’ IT systems. In one case they exploited a known vulnerability in a Microsoft Exchange Server called ProxyShell. In the second case an employee clicked on a malicious email attachment that led to the delivery of the Dridex malware and ultimately the ransomware. There’s two lessons here: In both cases attackers took advantage of vulnerable Windows systems that lacked current patches and updates. That’s why fast patching is vital. And if employees had been required to use multifactor authentication it would have made things harder for the attackers.

The installation of a backdoor into IT networks by hackers isn’t new. But researchers at Palo Alto Networks have discovered something that is: Installing a backup backdoor in case the primary one is removed. The researchers dub this secondary backdoor SockDetour because it hijacks the internet connection of an existing network socket. As a result it’s hard to detect. The hacker or hackers using this tool may be associated with an attack campaign that’s been going on against organizations in the technology, energy, healthcare, education, finance and defence sectors. In one case the server that hosted a SockDetour backdoor was a compromised storage devices from QNAP. One defence: Keep Windows servers up to date with the latest patches. Some anti-malware software may detect this backdoor running in memory.

Hackers are sending threatening sextortion emails to people in France. The message claims to be from a government agency that has video evidence of a victim’s visits to a porn site. It demands payment of a fine. This uses a tactic that attackers may try in other countries: Embedding an image of a fake but official-looking government document that isn’t detected by email spam filters. Threatening email messages should be reported to police.

Finally, owners of recent Samsung Galaxy S-series smartphones should make sure the devices have the latest security updates. This comes after Israeli researchers said they found Samsung didn’t properly implement encryption protection. Fortunately, the researchers told Samsung about this over a year ago and patches were released last August and October. If you haven’t installed updates in a while, your data and communications may have been at risk.

Don’t forget later today the Week in Review podcast will be out. Today’s guest commentator is ransomware expert Brett Callow of Emsisoft.

Remember links to details about podcast stories are in the text version at

You can follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada
Howard Solomon
Howard Solomon
Currently a freelance writer. Former editor of and Computing Canada. An IT journalist since 1997, Howard has written for several of ITWC's sister publications, including Before arriving at ITWC he served as a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Follow this Cyber Security Today

More Cyber Security Today