
When you can start pointing out, without fear of reprisal, the culprits who keep opening those phishing e-mails, the better.
A head of IT almost paid a 5K fee to someone spoofing the Chief Exec account, the HEAD OF IT!!!!! Until head of finance jumped in and spotted the spoofed address.
A head of HR who lied that they hadn't clicked an attachment in an e-mail yet actually had, which I was able to prove several months later, god knows what that attachment fully did. I monitored it partly at the time as a lower down employee was honest that they'd clicked it, I saw it created a task schedule which probably would have kicked something off at some point. That was sat on the network for several months because the head of HR lied about not clicking it.
Directors using work e-mails for personal deliveries and other shit.
Chief Execs with weak passwords (granted, we should have put in stronger requirements but were blocked in doing so).
A staff member that replied to a phishing e-mail, carried it on via and text and paid 1K from their own money to buy the phishers Amazon vouchers (that was beyond stupid).
The same head of HR who said "I want to check if this is a phishing e-mail? I think it is but I never put in my password". It was an e-mail from themselves, so clearly it was fucking phishing, that's the first fucking clue. And the "I never put in my password". So I followed the link to discover you ONLY get asked for the password when you've given the phishing site your name and e-mail address! So they'd gone that far before thinking "This might be phishing".
The list goes on.
Jesus fucking Christ!