WatchPoint Security Blog

Death of Aaron Hernandez Exploited by Ransomware Cybercriminals

Written by Chris Hartwig | April 21, 2017

Cybercriminals stooped to new lows this week after the death of Aaron Hernandez. It was reported yesterday that the former New England Patriots tight end and convicted murderer committed suicide in his jail cell. Aaron took his life the same day the 2017 Super Bowl champion New England Patriots were invited to meet with President Donald Trump in the White House. The fall from grace of Aaron Hernandez was widely recounted in the news media starting June 26, 2013, with his arrest and charge of murder for the death of Odin Lloyd. Things never got better for Aaron. Just one day before his alleged suicide Hernandez was charged with two previous murders and implicated in the shootings of three other individuals in two separate incidents dating back to when Aaron attended college.

Tragedy to Personal Gains

It’s high profile incidents like this that attract the attention of cybercriminals looking to exploit tragedy for personal gains. The deaths of celebrities are widely covered by the media, and a large majority of Americans recognize the name Aaron Hernandez and associate him with his success with the New England Patriots and the murder trials that later followed. It’s only natural for people who have been captivated by Hernandez’s career and his subsequent loss of respect and prestige to research and read his story. If these same people receive an email with what appears to be a news report about Hernandez, they are likely to click attachments or visit URLs in the emails to read the news.

How Many of Your Employees Will Get Phished Today?

Knowing there is widespread interest in Aaron Hernandez, it took cybercriminals less than one day to craft phishing emails and create compromised websites. Clicking the email attachments will lead to ransomware infections and so will simply visiting a compromised website. There is no need to click anything when the cybercriminals use advanced fileless malware to infect visitors to their fake website.

How to Safely Download Software

Educate Your Employees

WatchPoint suggests that you make employees aware of the attempted exploits of cybercriminals and have a discussion about “what not to do” to avoid becoming a victim of a phishing attack. It is important that employees understand how cybercriminals use advanced phishing techniques and malicious URLs to dupe readers into launching a ransomware infection against their company.

We suggest you email all your employees whenever a high-profile event like the death of Aaron Hernandez or other celebrities occurs. Previous phishing campaigns exploited the deaths of Robin Williams, Prince, Whitney Houston and Michael Jackson. Here is an example of an actual phishing attempt that occurred shortly after the death of Michael Jackson.


To: <redacted> 
Subject: Confidential===Michael Jackson 
Date: Thu, 25 Jun 2009 19:25:50 –0400

Vital informations after the death of Michael Jackson’s I really need some one trusted & secrective to speak with with informations i have in my possession before its too late Kindly reply me and i will immediately respond back,Its for just secret between both of us.

This is an obvious phishing attempt created by a cybercriminal with a very poor grasp of the English language. Not all phishing attempts will be this easy to detect.

Discuss High Profile Events

Please email all your employees, family and friends today and let them know the threat cybercriminals and ransomware pose. I suggest an email such as this:

Deaths of celebrities are highly publicized and attract readers to websites all over the world, looking for news and information about what happened to their beloved athlete, musician or actor. It is important that you know that cybercriminals are also aware of these high-profile events and will attempt to exploit everyone who might be interested in learning about them. The typical methods of attack include phishing emails that contain attachments that can infect your workstation and network shares with data encrypting ransomware. Once the data is encrypted the only way to get it back is to pay the cybercriminals hundreds and possibly thousands of dollars for a decryption key that might not work.

You can help fight these cybercriminals by following a few simple best practices. Do not visit unfamiliar websites. Your workstation could be infected with malware, or your identity may be stolen just by visiting the website. No clicking is required with advanced fileless malware. If you need information on these important events please only visit reliable, reputable sites and always be wary of clicking links in websites.

With a little end user training and layers of network security, you can stop cybercriminals in their tracks. To learn how to stop ransomware attacks after they have penetrated your traditional defenses, WatchPoint suggests protecting your servers and workstations with CryptoStopper.