New malware campaign spreads through email distributing a known variant of the notorious ransomware – Gandcrab v5.2. Malicious activity was first detected about a week ago and was announced by MyOnlineSecurity.
The hackers they use false CDC emails that provide users with information about a new influenza pandemic that has recently spread. Criminals pretend to be among the Centers for Disease Control and Prevention to make fraud a true one.
The false message comes with address line »Centers for disease control and prevention"(Centers for Disease Control and Prevention) and topic "Flu pandemic warning ». People are asked to open the document attached to the message. According to the sender, this will prevent the further spread of influenza. However, those who are careful enough will notice that the E-mail does not come from CDC but by Peter@eatpraynope.com.
The fake email contains the following text:
Additionally, users start it Gandcrab v5.2 opening the malicious "Flu pandemic warning.doc" and editing the viewing mode. Then, the ransomware is downloaded from the file hxxp: //184.108.40.206/samanta.exe and the malicious load is transferred to the envelope C: \\ Windows \\ Temp on the Windows machine.
After that, the file encryption virus will launch its unique encryption algorithm and begin to locks the files by adding a random extension in each document. For example,encrypted data may seem to be picture.jpg.UGHTRR or picture.jpg.YRSTN etc. A ransom message is continuously displayed, which also includes the extension of the files in its name: UGHTRR-MANUAL.txt.
Great attention to emails you will receive!