Angler EK goes Fishing

The Network: A well-regarded private university in the U.S. with nationally ranked academic programs.

The Expectation: A layered defense from edge to endpoint is protecting the network.

The Catch: Unsigned DLLs were executing on a faculty laptop from the AppData\Local\Temp folder, with names like api-ms-win-system-softpub-l1-1-0.dll.

The Find: This was an exploit launched by a phishing email sent to the faculty member. The attachment was based on the CryptXXX ransomware family. See for details.

The Fix: Quarantine the infected laptop, and review email and browser logs to determine the attack vector. We would also suggest re-imaging the infected laptop before returning it to service. Then you can educate the faculty member on phishing attacks and prevent.

The Lesson: It’s a Mad, Mad, Mad, Mad World.
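One way to hunt for the behaviour described in The Catch, as an added example that is not part of the original write-up: it triages DLL-load records and flags unsigned DLLs loaded from AppData\Local\Temp, raising severity when the file name imitates Windows API-set naming. It assumes records carrying Sysmon Event ID 7 (ImageLoad) field names; the sample events, user name and loader paths are constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample records using Sysmon Event ID 7 (ImageLoad) field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Program Files\ExampleApp\example.exe",  # hypothetical loader
     "ImageLoaded": r"C:\Users\faculty1\AppData\Local\Temp\api-ms-win-system-softpub-l1-1-0.dll",
     "Signed": "false", "SignatureStatus": "Unavailable"},
    {"Image": r"C:\Program Files\ExampleApp\example.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll",
     "Signed": "true", "SignatureStatus": "Valid"},
    {"Image": r"C:\Users\faculty1\AppData\Local\Temp\setup\installer.exe",
     "ImageLoaded": r"C:\Users\faculty1\AppData\Local\Temp\setup\helper.dll",
     "Signed": "true", "SignatureStatus": "Valid"},   # signed installer helper
    {"Image": r"C:\Program Files\ExampleApp\example.exe",
     "ImageLoaded": r"C:\Users\faculty1\AppData\Local\Temp\Low\plugin.DLL",
     "Signed": "false", "SignatureStatus": "Unavailable"},
]

# Matches the Temp folder itself and any subfolder, case-insensitively.
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp(\\|$)", re.IGNORECASE)
# File names styled like Windows API-set DLLs (api-ms-*, ext-ms-*).
API_SET_NAME = re.compile(r"^(api|ext)-ms-[a-z0-9-]+\.dll$", re.IGNORECASE)

def is_trusted(event):
    """A load counts as trusted only if it is signed and the signature is valid."""
    return (event.get("Signed", "").lower() == "true"
            and event.get("SignatureStatus", "").lower() == "valid")

def triage(events):
    """Return findings for untrusted DLLs loaded from a user's Temp folder."""
    findings = []
    for ev in events:
        path = PureWindowsPath(ev["ImageLoaded"])
        if path.suffix.lower() != ".dll":
            continue
        if not TEMP_DIR.search(str(path.parent)) or is_trusted(ev):
            continue
        # An API-set style name outside the system directories is a stronger signal.
        severity = "high" if API_SET_NAME.match(path.name) else "medium"
        findings.append({"severity": severity, "dll": path.name,
                         "loader": ev["Image"], "path": str(path)})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_EVENTS):
        print(finding["severity"], finding["dll"], "loaded by", finding["loader"])
```

Signed installers that unpack helpers into Temp are skipped by the signature check, which keeps the medium-severity tier reviewable.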