
Ransomware email campaign targets government staff with lure of cheap flights

Discussion in 'General Malware And Security' started by starbuck, Aug 10, 2016.

    starbuck Rest In Peace Pete Administrator

    A new CryptFile2 variant is sending hundreds of thousands of emails that try to trick targets into clicking on malicious URLs.


    A large-scale ransomware campaign is targeting US government agencies with hundreds of thousands of emails containing embedded malicious URLs, rather than the more common method of attaching infected files to the message.

    When it was first discovered by cybersecurity researchers in March, the CryptFile2 ransomware campaign behaved like other pieces of malware, spreading via exploit kits downloaded in infected files.
    But now Proofpoint researchers have observed that the ongoing campaign has adapted its techniques, delivering ransomware via embedded URL links -- a degree of targeting not used before.

    The new variant of CryptFile2 began appearing this month, using convincing-looking faked emails claiming to be from a legitimate travel website and offering deals on flights.
    But if a recipient clicks on the email link, they're directed to download Microsoft Word documents which then use social engineering techniques to trick the user into enabling malicious macros.


    Once these macros are enabled, the ransomware payload is downloaded, and hackers demand payment in Bitcoin in order to unencrypt the infected system.
    In the ransom note, the cybercriminals say there's no other way to regain access to the locked files except by making the payment and also threaten to double the ransom if the payment doesn't come quickly.

    Previously spread by Nuclear and Neutrino exploit kits, the new variant of the CryptFile2 campaign began on 3 August with hundreds of thousands of messages sent to targets, with thousands of additional emails being sent each following day.

    The campaign primarily targets state and local government agencies, although emails containing CryptFile2 have also been sent to education and healthcare providers.

    The lack of an email attachment makes it easier for the malicious message to get past anti-malware and spam filters.
    "The targeting in this campaign, made possible through email distribution, brings increased risks to public sector organizations that may be less equipped to detect and mitigate these kinds of threats," Proofpoint said.

    Cybersecurity researchers also warn that organisations that don't have the most up-to-date defences "may find themselves in the difficult position of having to pay the ransom, which carries its own set of risks" -- including not getting the files back, even if the ransom is paid.


    Source:
    http://www.zdnet.com/article/ransom...s-with-lure-of-cheap-flights/#ftag=RSSbaffb68
     
