Security News > 2021 > November > Ransomware Phishing Emails Sneak Through SEGs

Secure email gateway protections aren't necessarily enough to stop phishing emails from delivering ransomware to employees, especially if the cybercrooks are using legitimate cloud services to host malicious pages.
Researchers are raising the alarm over a phishing email kicking off a Halloween-themed MIRCOP ransomware offensive, which they observed making its way to a target's inbox despite its being secured by an SEG.
"The executable is a DotNETLoader that uses VBS scripts to drop and run the MIRCOP ransomware in memory," according to the analysis.
"The rapid deployment from the MHT payload to final encryption shows that this group is not concerned with being sneaky. Since the delivery of this ransomware is so simple, it is especially worrying that this email found its way into the inbox of an environment using a SEG."
"The MIRCOP ransomware, also known as Crypt888 ransomware, encrypts users' files to hold them hostage," Cofense analysts reported.
"The user is also unable to open any applications besides a few web browsers that can give them access to their email address which is used to contact the attacker," Cofense researchers wrote in a recent posting.
News URL
https://threatpost.com/ransomware-phishing-emails-segs/176470/