Security experts continue to encounter the Trickbot virus in their ransomware removal procedures. The malware is known for spreading via email spam campaigns as well as spear phishing.
Spear phishing is a cybercriminal activity in which the senders of an email pretend to be a reliable and renowned entity. As a result, users are not wary of these emails and open them, clicking links or downloading files.
Trickbot has been known to successfully use spear phishing against financial companies, where the malicious file (found in the ransomware removal process) is mainly described as some sort of Excel spreadsheet as opposed to a .docx file. So, how exactly have the Trickbot creators found success with their deception techniques?
The ransomware is propagated through emails with customized subject lines and contents that lend them credibility. The victim’s name is always mentioned in the subject line to gain their trust and lower their guard. Generally, the subject line follows this format:
Month – Payrolls – victim@victimsdomain.com
The creators update the month every month. The senders of the email pose as PwC (PricewaterhouseCoopers), the top accounting firm in the world. However, there is a catch. The sender address comes in the following format:
RDornier@pwcco.uk
However, PwC officials deny the existence of any such official email address associated with their firm. Unfortunately, naive users are still fooled because they take these emails to be real. In the ransomware removal process, the attached spreadsheet has been found to be malicious and macro-enabled.
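An added example, not part of the original article: a Python triage function that checks one message for the three traits described above (a sender domain that closely imitates a trusted one, the "Month – Payrolls – recipient address" subject, and a macro-capable spreadsheet attachment). The trusted-domain list, the similarity threshold, the extension check, the attachment file name and the sample message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from email.message import EmailMessage
from email.utils import parseaddr

TRUSTED_DOMAINS = {"pwc.com", "pwc.co.uk"}  # assumption: domains you really deal with
MONTHS = ("January|February|March|April|May|June|July|August|"
          "September|October|November|December")
DASH = r"\s*[-\u2013\u2014]+\s*"  # separator: hyphen, en dash or em dash
SUBJECT_RE = re.compile(rf"^\s*(?:{MONTHS}){DASH}Payrolls{DASH}(\S+@\S+)\s*$", re.I)
MACRO_CAPABLE = (".xls", ".xlsm", ".xlsb")  # assumption: extension check only

def lookalike_of(domain, threshold=0.8):
    """Return the trusted domain that `domain` closely imitates, or None."""
    if not domain or domain in TRUSTED_DOMAINS:
        return None
    score, best = max((SequenceMatcher(None, domain, t).ratio(), t)
                      for t in TRUSTED_DOMAINS)
    return best if score >= threshold else None

def triage(msg):
    """Return the lure indicators present in one parsed e-mail message."""
    hits = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    recipient = parseaddr(str(msg.get("To", "")))[1].lower()
    imitated = lookalike_of(sender.rpartition("@")[2])
    if imitated:
        hits.append(f"lookalike-sender:{imitated}")
    m = SUBJECT_RE.match(str(msg.get("Subject", "")))
    if m and m.group(1).lower() == recipient:  # subject repeats the recipient address
        hits.append("payroll-subject-names-recipient")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(MACRO_CAPABLE):
            hits.append(f"macro-capable-attachment:{name}")
    return hits

def build_sample(sender="RDornier@pwcco.uk"):
    """Constructed message modelled on the lure described in the article."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "victim@victimsdomain.com"
    msg["Subject"] = "March \u2013 Payrolls \u2013 victim@victimsdomain.com"
    msg.set_content("Please review the attached payroll sheet.")
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="vnd.ms-excel", filename="payroll.xls")
    return msg

print(triage(build_sample()))
```

Any single indicator is weak on its own; a mail filter would normally quarantine only when the lookalike sender coincides with one of the other two.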
The UK’s NCSC has warned users that the malware has been attacking SMEs and individuals in the UK as well as other countries. A short guide was released in the last week to educate users on tackling such threats.