Security News > 2021 > June > Beware of “Ransomware system update” emails!
Emails referencing the Colonial Pipeline ransomware attack and looking like they've been sent from the corporate IT help desk have been hitting employees' inboxes and asking them to download and run a "Ransomware system update."
The emails look rather convincing: they look like they are coming from the company help desk staff, they contain no egregious grammar or spelling errors, and are quick to come to the point.
"The malicious emails were sent from newly created domains controlled by cybercriminals. The domain names, sufficiently plausible to appear legitimate, were nonetheless different enough so that garden variety anti-phishing software would not be able to use regular expression matching to detect their perfidy," the researchers noted.
Luckily, this particular payload is detected as a possible threat by quite a few AV solutions, but definitely not by most of them.
Aside from implementing technological defenses to spot and block this type of email, Inky researchers urge organizations to think about creating an IT policy stating that employees will not be asked to download certain file types.
"A standard and formalized communications protocol that is widely shared, and frequently reinforced, would help as well," they added.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ndyK-XOTfEM/