Friday, January 22, 14:20

Attacks that start with phishing emails are back in fashion

Email attacks are back in fashion, with several new and well-known forms of ransomware being distributed through messages carrying malicious payloads.

Email used to be the most productive way to infect victims with ransomware, but in recent years intruders have shifted their focus to other methods. To be precise, they use remote ports, unpatched servers or other vulnerabilities in corporate networks to encrypt entire networks, demanding huge ransoms to give owners back their data.


In recent weeks, however, Proofpoint researchers have seen an increase in the number of ransomware attacks spread via email - including ransomware that has not been active for years - with scammers sending hundreds of thousands of messages every day. The email attacks use a variety of lures to trick people into opening them, including subjects related to the coronavirus.

One of the biggest phishing campaigns comes from a new ransomware called Avaddon. Over the course of a week in June, more than a million messages were distributed, mostly targeting organizations in the USA.

Avaddon uses a fairly basic lure, with subject lines claiming to relate to a photograph of the victim. If the victim opens the attachment, it downloads Avaddon using PowerShell.

On infected computers, a ransom note appears asking for $800 in bitcoin in exchange for "special software" to decrypt the hard drive. The hackers warn that if users try to recover their files without paying, they will lose the files forever.

A second ransomware campaign based on phishing email, which the researchers describe in detail, was named "Mr. Robot" and targets construction companies in the US. Messages claiming to come from the Ministry of Health use topics related to COVID-19 test results in an attempt to entice victims to click on a link to view a document.

If the victim clicks, the Philadelphia ransomware is installed and the intruders demand $100 for the return of the files. It is a very small amount compared to many ransomware campaigns, which suggests that it is aimed at ordinary users and not businesses.

But it's not just organizations in North America that are increasingly being attacked by ransomware via email - the same is true of Europe.

Researchers note that Philadelphia ransomware - returning after a three-year hiatus - targets food and beverage companies in Germany with emails claiming to be from the German government.

The emails claim to contain information about the possible closure of the company due to the COVID-19 pandemic, encouraging the victim to click on a link - if they do, the Philadelphia ransomware is installed on the system, with a ransom note demanding $200 for decryption.

While the number of email-based ransomware attacks is still small compared to 2016 and 2017, when Locky, Cerber and GlobeImposter were distributed in huge volumes, in the tens of millions, the recent increase in email attacks shows how flexible criminals in cyberspace are.

One reason some intruders could be returning to phishing emails is the number of people now working remotely and the dependence on email that this entails.

In many cases, it is possible to defend against ransomware by ensuring that networks have been patched with the most recent security updates, preventing intruders from exploiting known software defects.

However, businesses also need to always have a plan, as at some point someone will make the mistake of clicking on a malicious link in a phishing email.


Teo Ehc