A new phishing campaign is sending thousands of ominous-looking emails that combine a malicious link with the recipient's own personal information to trick victims into installing a new strain of ransomware.
The emails appear to come from a legitimate address and domain and show few of the usual warning signs. Each one demands payment for some arbitrary service and includes a link that purports to lead to an "overdue invoice."
If you click the link and open the file, you become the latest victim of the ransomware. It encrypts your files and holds them hostage until you pay the ransom demanded, and the longer you wait, the larger the ransom becomes.
A couple of days ago, a PC user received one of these emails, which included a home address he had lived at some eight years earlier. He thought little of it until BBC News reported that some of its own staff had received similar-looking emails. The BBC then contacted the company named in the email as the one purportedly owed the money.
“We’re just as much victims as those who got the emails,” said a person at the company.
The Ludlow, UK-based company said it began receiving phone calls and emails earlier this week, but stressed that the phishing emails did not come from it.
According to the BBC, other companies were also named in the scam; one of them reported having had "more than 150 calls from people who don't owe us money."
The company said it had no idea how the attackers obtained recipients' home addresses, but that it had reported the incident to police.
Rahul Kashyap, executive vice-president and chief security architect at security firm Bromium, wrote that the attacker was using a "classic social engineering" technique, trying to "gain credibility by providing some reliable data that the potential victims can relate to."
“It appears that the scammers are leveraging some sort of database that has home addresses publicly available and using this for the scam,” Kashyap explained.
Cybercriminals are moving away from luring victims into typing their usernames and passwords into bogus websites in order to take over accounts; they are turning instead to ransomware, which offers a much higher return.
Tests in CNET's New York lab identified the malware used in this attack as a variant called Maktub Locker, which has been described as a "beautiful and dangerous" kind of ransomware.
Yonathan Klijnsma, senior threat intelligence analyst at Dutch security firm Fox-IT, said the fact that the malware doesn't need an internet connection is "pretty significant," not least because network detection systems would not be effective against it. Much ransomware has to contact a command-and-control server before it can encrypt, which gives network monitoring something to flag; a variant that works entirely offline gives it nothing.
“It means you can retrieve your mail, step on a plane, open your mail and still get hit,” he said.
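If the network sensor sees nothing, the signal that remains is on the host: many files rewritten in a short window, each turning from readable content into near-random bytes. The following script is an added example, not code from the article, CNET, Fox-IT, or the malware itself. It snapshots a directory tree, records a hash and a Shannon-entropy figure per file, and after a harmless constructed stand-in for encryption (random bytes written under a new extension) reports which files became high-entropy and whether the rewrite was bulk. The entropy threshold, the bulk fraction, the file names and the sample content are all assumptions chosen for illustration.

```python
"""Host-side detection of bulk offline file encryption (added example, not from the article)."""
import hashlib
import math
import os
import tempfile
from pathlib import Path

# Assumed thresholds for illustration: English text usually sits around 4-5 bits
# per byte, ciphertext and random data close to 8.
ENTROPY_BITS_PER_BYTE = 7.5
# Assumed: more than half of the tree rewritten into high-entropy content is alarming.
BULK_FRACTION = 0.5


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the byte-value distribution of `data`."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def snapshot(root: Path) -> dict:
    """Map relative path -> (sha256 hex, entropy) for every regular file under `root`."""
    snap = {}
    for p in root.rglob("*"):
        if p.is_file():
            data = p.read_bytes()
            snap[str(p.relative_to(root))] = (hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return snap


def diff_snapshots(before: dict, after: dict) -> dict:
    """Compare two snapshots and flag files that were created or rewritten as high-entropy
    content, list files that disappeared (renamed or deleted), and give a bulk verdict.
    The verdict counts only the high-entropy files against the original population, so a
    rename-on-encrypt pattern (x.txt gone, x.txt.locked new) is not counted twice."""
    high_entropy = []
    for path, (digest, entropy) in after.items():
        old = before.get(path)
        if (old is None or old[0] != digest) and entropy >= ENTROPY_BITS_PER_BYTE:
            high_entropy.append(path)
    missing = sorted(set(before) - set(after))
    bulk = len(high_entropy) >= BULK_FRACTION * max(len(before), 1)
    return {"high_entropy": sorted(high_entropy), "missing": missing, "bulk_rewrite": bulk}


def demo() -> dict:
    """Constructed scenario: five plain-text reports; three are replaced by random bytes
    under a new extension, standing in for encryption. Nothing here encrypts anything."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(5):
            (root / f"report{i}.txt").write_text("quarterly figures, all within budget\n" * 200)
        before = snapshot(root)
        for i in range(3):
            src = root / f"report{i}.txt"
            (root / f"report{i}.txt.locked").write_bytes(os.urandom(src.stat().st_size))
            src.unlink()
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    result = demo()
    print("rewritten to high entropy:", result["high_entropy"])
    print("missing:", result["missing"])
    print("bulk rewrite:", result["bulk_rewrite"])
```

In practice the snapshot would be taken periodically or driven by file-system change notifications rather than by a one-off comparison, and the bulk fraction would be judged against a time window; the point of the example is that the comparison needs no network traffic at all, which is exactly the gap Klijnsma describes.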
The FBI reported that one popular ransomware variant cost businesses tens of millions of dollars in lost files last year.
The agency recently issued a flash advisory calling on US businesses to help its agents investigate this growing class of malware.