
A Ransomware-containing Email is Discovered that Also Steals Passwords

April 16, 2018 | Simeon Georgiev

Barracuda Networks, a California-based IT security company, has recently discovered an email attack with a double whammy. The email contains a malicious attachment that can load ransomware on the device while simultaneously stealing the affected user's passwords. So the victim won't have to deal with ransomware removal only; they also have to change all the hacked login credentials.

According to the company's cyber security experts, this new ransomware attack exploits an old Internet Explorer vulnerability identified three years ago. The email attack uses Samba to download the attachment, which helps the ransomware file bypass all the security features of the browser.

It's worth mentioning that Microsoft released a cumulative security patch to remove this Internet Explorer vulnerability back in September 2016. Organizations and individuals that neglect to update their systems with the latest patches will remain susceptible to this ransomware-containing email attack.

Modus Operandi of this Email Attack

Ransomware attacks through email are not new. We have seen many cases where phishing tactics are employed to deliver ransomware to a network or a device. Users' unfamiliarity with the perpetrators' social engineering tricks is the reason why phishing is still the most effective tool for cybercriminals.

According to Barracuda's investigation, this ransomware-containing email masquerades as a billing statement or a message from a financial services provider. The email contains an attachment with a zip extension, which provokes the targeted user to download it immediately.

From here, things start to go underhanded. Instead of downloading the file the normal way through an https address, the file in the zip folder (a Windows Script File with the extension 'wsf') uses 'file://' to execute the Quant Loader installer using Samba.
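A mail-gateway style check for the pattern described above, as an added example that is not code from the article or from Barracuda: it opens a zip attachment, looks only at script members, and reports any `file://` reference to a remote host, which Windows fetches over SMB. The extension list, the size limit, the file names and the sample address 198.51.100.7 (a documentation range) are assumptions made for the example.

```python
import io
import re
import zipfile

# Script types that run on double-click via Windows Script Host or mshta (assumed list).
SCRIPT_EXTS = (".wsf", ".wsh", ".js", ".jse", ".vbs", ".vbe", ".hta")

# file://host/... carries a host, so Windows resolves it as \\host\... over SMB.
# file:///C:/... (empty host) is local and does not match this pattern.
REMOTE_FILE_URL = re.compile(rb"file://([A-Za-z0-9][A-Za-z0-9.\-]*)/", re.IGNORECASE)

MAX_MEMBER_SIZE = 5 * 1024 * 1024  # assumed limit; skip oversized members


def scan_zip_attachment(data):
    """Return (member_name, remote_host) for each remote file:// reference in a script member."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if not info.filename.lower().endswith(SCRIPT_EXTS):
                continue
            if info.file_size > MAX_MEMBER_SIZE:
                continue
            # Scripts are often saved as UTF-16; dropping NULs lets one ASCII regex cover both.
            text = zf.read(info).replace(b"\x00", b"")
            for m in REMOTE_FILE_URL.finditer(text):
                host = m.group(1).decode("ascii").lower()
                if host != "localhost":
                    findings.append((info.filename, host))
    return findings


def build_sample_zip():
    """Constructed sample: an inert .wsf placeholder plus a plain text file."""
    wsf = ('<job><script language="JScript">\n'
           '// constructed placeholder, performs no action\n'
           'var src = "file://198.51.100.7/share/placeholder.bin";\n'
           'var local = "file:///C:/Temp/readme.txt";\n'
           '</script></job>\n')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.wsf", wsf.encode("utf-16"))
        zf.writestr("notes.txt", "see file://198.51.100.7/share/x")
    return buf.getvalue()


if __name__ == "__main__":
    for name, host in scan_zip_attachment(build_sample_zip()):
        print(f"{name}: script references remote file:// host {host}")
```

Only the script member is reported; the same URL inside `notes.txt` is ignored because a text file is not executed on open.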

Quant Loader is a notorious ransomware-as-a-service Trojan. But in this ransomware-containing email, password-stealing software has also been integrated into the executable file to make the attack more deadly. According to the researchers, the script files are very hard to comprehend because of their high level of complexity. This means the ransomware removal activity after this attack will also be quite burdensome.

Simeon Georgiev
https://www.linkedin.com/in/simeon--georgiev/
I am a Cyber Security Enthusiast from Bulgaria. I like to write about malware and ransomware and global cyber attacks. You can reach me on Twitter @sgeorgiev1995 or Email: [email protected]