
Nasty Surprise From Your Valentine?!

Cyber security 02/15/2020 - 10:52 by Sudhakaran R

Maybe think twice before you open that romantic post because cybercriminals are using Valentine’s Day as a way to distribute a prolific ransomware type.

GandCrab first appeared in January last year, becoming one of the most popular file encryption malware families, with its developers updating it regularly with new tricks and techniques.

Now, in a campaign described by security researchers at Mimecast, the ransomware is being sent to potential victims in phishing emails with romantic subject lines to coincide with Valentine’s Day in.

Although holiday campaigns have historically focused on customers, they are increasingly targeting business email accounts — providing attackers with a way to encrypt corporate networks and demand greater ransoms than they might squeeze out of individual victims.

The subject lines used in this GandCrab campaign all refer to romance. Examples include ‘This is my letter of love to you’, ‘Wrote down my thoughts about you’, ‘My letter for you’, and ‘Felt in love with you’.

The email body contains just one* symbol and comes with an attachment — a zip file that includes a JavaScript script. In every malicious email, the file name follows the same pattern — ‘Love You 2018’ followed by seven or eight random digits.

If the user opts to extract and execute the JavaScript file, GandCrab ransomware will be downloaded from a malicious URL embedded in the document and executed.
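The delivery pattern described above (romantic subject line, zip attachment, script inside, "Love You 2018" plus digits in the file name) can be turned into a mail-triage check. The following Python sketch is an added example, not code from Mimecast or from the article; the separator characters in the file-name pattern, the choice to test both the zip name and its members, and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject lines quoted in the article, lower-cased for comparison.
LURE_SUBJECTS = {
    "this is my letter of love to you",
    "wrote down my thoughts about you",
    "my letter for you",
    "felt in love with you",
}
# "Love You 2018" then exactly seven or eight digits. The separators
# (space, underscore, hyphen) are an assumption; the article shows none.
NAME_RE = re.compile(r"love[ _-]?you[ _-]?2018[ _-]?\d{7,8}(?!\d)", re.I)

def score_message(raw: bytes) -> list[str]:
    """Return the campaign indicators found in one RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if str(msg["Subject"] or "").strip().lower() in LURE_SUBJECTS:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if NAME_RE.search(name):
            hits.append("attachment-name")
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.namelist()  # names only; nothing is extracted or run
        if any(m.lower().endswith((".js", ".jse")) for m in members):
            hits.append("script-in-zip")
        if any(NAME_RE.search(m) for m in members):
            hits.append("member-name")
    return hits

def build_sample(subject: str, zip_name: str, member: str) -> bytes:
    """Constructed test message: a zip attachment holding one harmless file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// constructed placeholder, not malware\n")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("-")  # constructed one-character body
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()
```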

Before the ransom note is shown to the user, they are asked to pick a language to read it in: English, Korean or Chinese, something that researchers suggest points to the main targets of those behind GandCrab.

After that, the user is led to a ransom note stating that their device has been encrypted and that to get their data back, they need to pay a ransom in Bitcoin or DASH cryptocurrency.

The victim is advised that if they don’t pay within seven days, the ransom will be doubled — and advice is given on how to buy and use cryptocurrencies. The attackers also provide a live chat channel to ‘help’ the victims pay the ransom demand.

Researchers note that the ransom payments vary according to the target, suggesting an element of preparation behind the attacks — and that it is conceivable that the Valentine’s Day scam may not be the work of the GandCrab writers themselves, but rather cyber-criminal clients using it as part of a ransomware-as-a-service (RaaS) program.

GandCrab remains one of the most powerful ransomware threats, and it is anticipated that companies will continue to be plagued by it for some time.

“We’ll probably continue to see them updating the versions. Releasing more updates would allow them to stay ahead of detection and keep offering this as a RaaS to increase their profits”.

Nonetheless, by educating users to be aware of unusual or unwanted email messages — or by installing appropriate security software — companies can look to avoid falling victim to it.

The only way to protect what you’ve worked hard to build is to be vigilant when it comes to cybersecurity. If you’d like to know more about how your business can benefit from managed services, just give us a call, we are here to help.

 
