Paradise ransomware is like a bad penny

...it just keeps turning up.

The strain first appeared back in 2017, when it was spread far and wide via phishing emails. Then it seemed to fall out of favor for a while, and now, it's back again. Even worse, it's back with a new trick up its virtual sleeves. In its latest incarnation, it's still being spread via phishing emails.

Now, its controllers are leveraging IQY (Query) files, which are text files read by Microsoft Excel to grab data from the internet. Because IQY is a completely legitimate file extension, most organizations don't even think to block it.

Lastline researchers discovered the latest campaign for Paradise ransomware.

Why are IQY files being used in attacks?

"We're seeing attacks using IQY files because many commodity security products and automated systems do not, or cannot, parse these file types. Attackers realize they have a very good chance of making it past rudimentary defenses."
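For defenders, parsing these files at the mail gateway is straightforward. The following is an added example, not code from the original post or from Lastline: it reads an .iqy attachment, extracts the URL Excel would fetch, and quarantines anything that does not point at a known internal source. The file layout (a "WEB" line, a version line, then the URL), the allowlist host and the sample attachments are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumed .iqy layout (not described in the post): a "WEB" type line, a
# version line, then the URL Excel will fetch; later lines are options.
ALLOWED_HOSTS = {"reports.intranet.example"}  # hypothetical internal allowlist


def parse_iqy(data: bytes) -> dict:
    """Extract the query URL from raw .iqy bytes; raise ValueError if malformed."""
    # Tolerate a UTF-8 BOM, CRLF or LF line endings, and blank lines.
    text = data.decode("utf-8-sig", errors="replace")
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0].upper() != "WEB":
        raise ValueError("not a web query file")
    parts = urlsplit(lines[2])
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not parts.hostname:
        raise ValueError("third line is not an http(s) URL")
    return {"version": lines[1], "url": lines[2], "scheme": scheme,
            "host": parts.hostname.lower(), "options": lines[3:]}


def triage(data: bytes) -> tuple:
    """Return (verdict, reason) for an attachment filter: allow or quarantine."""
    try:
        query = parse_iqy(data)
    except ValueError as exc:
        # Fail closed: a file that cannot be parsed is not delivered.
        return "quarantine", f"unparseable: {exc}"
    if query["host"] not in ALLOWED_HOSTS:
        return "quarantine", f"external data source: {query['host']}"
    if query["scheme"] != "https":
        return "quarantine", "cleartext http to internal source"
    return "allow", f"known internal source: {query['host']}"


# Constructed sample attachments (not taken from the campaign).
SAMPLE_INTERNAL = b"WEB\r\n1\r\nhttps://reports.intranet.example/sales.csv\r\n"
SAMPLE_EXTERNAL = b"\xef\xbb\xbfWEB\n1\nhttp://files.example.net/q.dat\n"
SAMPLE_BROKEN = b"hello\n"

if __name__ == "__main__":
    for name, blob in [("internal", SAMPLE_INTERNAL),
                       ("external", SAMPLE_EXTERNAL),
                       ("broken", SAMPLE_BROKEN)]:
        print(name, triage(blob))
```

Organizations that never use web queries can skip the allowlist and simply block the extension.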

The approach seems to be working as Paradise's phishing emails are being opened by unsuspecting users at an alarming rate. Of interest, the researchers found evidence in the code that this strain is still a work in progress. Consider this latest campaign to be a beta test for the redesigned code.

Typical of malware testing

"Malware authors will often deploy malware that isn't quite ready for prime time yet - they want to see how successful early versions of a new campaign are and how detectable their malware is against security products."

Our perspective

As is the case with most ransomware, this one is designed to sniff out high-value files, exfiltrate them to a command and control center, then encrypt everything and demand a ransom. As such, it has to be regarded as a genuine threat and is certainly one to keep a watchful eye out for.

~ As Hill Street Blues' Sgt. Esterhaus always advised: "Hey, let's be careful out there!" ~

 

Meanwhile, check out this report

This free executive report may give you insights into how to build your business with safe IT environments: 10 Hidden IT Risks That Might Threaten Your Business and 1 Easy Way to Find Them

The author

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPia Blogs. I am also available on LinkedIn, Facebook, and Twitter.

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

I am Denis Wilson, President and Principal Consultant for DWP Information Architects. I help professionals grow their business by building a foundation of rock-solid information solutions for smaller healthcare, insurance, financial, legal, and nonprofit firms in Ventura County and San Fernando Valley. I have created cost-effective IT solutions for over 20 years, specializing in cybersecurity and regulatory compliance. I am also a published author and speaker, working extensively with a variety of organizations, as well as providing small business technology education programs through business and professional associations. This just in: I will be speaking regularly at California Lutheran University's Center for Nonprofit Leadership starting in September.

Contact me if you would like me to speak at your association