Email attacks are back in fashion, with several new and well-known forms of ransomware being distributed via messages carrying malicious payloads.
Email used to be the most productive way to infect victims with ransomware, but in recent years intruders have shifted their focus to other methods. To be precise, they use remote ports, unpatched servers or other vulnerabilities in corporate networks to encrypt entire networks, demanding huge ransoms to give owners back their data.
In recent weeks, however, Proofpoint researchers have seen an increase in the number of ransomware attacks spread via email - including ransomware that has not been active for years - with scammers sending hundreds of thousands of messages every day. The emails use a variety of lures to trick people into opening them, including themes related to the coronavirus.
One of the biggest phishing campaigns is from a new ransomware called Avaddon. Over the course of a week in June, more than a million messages were distributed, mostly targeting organizations in the USA.
Avaddon uses a somewhat basic lure, with subjects claiming to be related to a photograph of the victim. If the victim opens the attachment, it downloads Avaddon using PowerShell.
On infected computers, a ransom note appears asking for $800 in bitcoin in exchange for "special software" to decrypt the hard drive. The hackers warn that users who try to recover their files without paying will lose them forever.
A second phishing-based ransomware campaign, described in detail by the researchers, was named "Mr. Robot" and targets construction companies in the US. Messages claiming to come from the Ministry of Health use topics related to COVID-19 test results in an attempt to entice victims to click on a link to view a document.
If the victim clicks, this Philadelphia ransomware is installed and the intruders demand $100 in return for the files. It is a very small amount compared to many ransomware campaigns, which suggests that it is aimed at ordinary users and not businesses.
But it's not just organizations in North America that are increasingly being attacked by ransomware via email - the same is true of Europe.
Researchers note that Philadelphia ransomware - returning after a three-year hiatus - targets food and beverage companies in Germany with emails claiming to be from the German government.
The emails claim to contain information about the possible closure of the company due to the COVID-19 pandemic, encouraging the victim to click on a link - if they do, the Philadelphia ransomware is installed on the system, with a ransom note demanding $200 for decryption.
While the number of email-based ransomware attacks is still small compared to 2016 and 2017, when Locky, Cerber and GlobeImposter were distributed in huge volumes, in the tens of millions, the recent increase in email attacks shows how flexible cyber criminals are.
One reason some intruders could be returning to phishing emails is the number of people now working remotely and the dependence on email that this entails.
In many cases, it is possible to defend against ransomware by ensuring that networks have been patched with the most recent security updates, preventing intruders from exploiting known software flaws.
However, businesses also need to always have a plan in place, as at some point someone will make the mistake of clicking on a malicious link in a phishing email.