Ransomware Phishing Emails Sneak Through SEGs
2021-11-18 21:45

Secure email gateway protections aren't necessarily enough to stop phishing emails from delivering ransomware to employees, especially if the cybercrooks are using legitimate cloud services to host malicious pages.

Researchers are raising the alarm over a phishing email kicking off a Halloween-themed MIRCOP ransomware offensive, which they observed making its way to a target's inbox despite its being secured by an SEG.

"The executable is a DotNETLoader that uses VBS scripts to drop and run the MIRCOP ransomware in memory," according to the analysis.

"The rapid deployment from the MHT payload to final encryption shows that this group is not concerned with being sneaky. Since the delivery of this ransomware is so simple, it is especially worrying that this email found its way into the inbox of an environment using a SEG."

"The MIRCOP ransomware, also known as Crypt888 ransomware, encrypts users' files to hold them hostage," Cofense analysts reported.

"The user is also unable to open any applications besides a few web browsers that can give them access to their email address which is used to contact the attacker," Cofense researchers wrote in a recent posting.


News URL

https://threatpost.com/ransomware-phishing-emails-segs/176470/