Security firm Proofpoint has detected the CryptFile2 ransomware being distributed via a huge stream of spam email messages.
In the course of just one week, from August 3rd to 9th, hundreds of thousands of attacks occurred, mostly against American educational institutions and government agencies. The spam flood was strongest during the first day, after which it slowed down but still remained noticeable.
State and local government agencies and K-12 educational institutions experienced most of the spam email attacks. However, they weren't the only targets on CryptFile2's list. Organizations from the healthcare sector, telecommunications companies, post-secondary educational institutions, technology firms and insurance companies were also affected, but to a much lesser degree than the other three.
CryptFile2 is responsible for all these attacks. It is a little-known piece of ransomware, having first been detected in March. It is known, though, to belong to the CrypBoss ransomware family, just like HydraCrypt and UmbreCrypt. Unfortunately, researchers haven't found a way to decrypt it yet, unlike HydraCrypt and UmbreCrypt, which have already been cracked.
Since it was first spotted, CryptFile2 appears to have been updated and modified, but its general mode of operation has remained the same.
The most significant change to the ransomware concerns its distribution technique. Previously, CryptFile2's operators used exploit kits like Nuclear and Neutrino to infect users with the ransomware via drive-by download attacks.
Now, however, the crooks have chosen to spread their malware via large volumes of spam email messages. The messages are mostly themed around free flights and discounts from American Airlines to lure victims into opening them. They carry Office attachments containing malicious macro scripts, which run when the files are opened. Once running, the macro scripts download and install the CryptFile2 ransomware onto the victim's computer.