Alongside the increases in malicious attachments in emails for 2019, researchers in ESET had noticed a huge wave of spam that was apparently spreading ransomware to Russian users.
Dramatic Uptick in Malicious Intent Email Attachments
January 2019 has been a month where Russia was hit with yet another wave of an attack vector which had been lying dormant all through 2018. This ‘New Year’s Edition’ of spam campaigns are heavily relying on this platform to implement their malicious intentions and they even have spam in the Russian language.
The attachments in the emails seem to consist of ransomware which was previously known as Troldesh or Shade. If you jog your memories to the October of 2018, you’ll recall how Shade ransomware was introduced to the world using the same attack vectors. Ransomware removal companies were on the lookout for solutions whenever they detected the infamous Win32/Filecoder.Shade.
Ransomware Removal Needs took a Break in Christmas
The agencies that were keeping track of the pace of these malicious emails have found that while the problem started in the October of 2018, it stayed at a consistent pace till December. This is where the perpetrators had taken a break – somewhere around Christmas, and then they resumed their pace in mid January 2019.
If their consistency is plotted on a graph, ransomware removal agencies even found that the attackers were taking breaks over the weekends! Well, we’re not humanizing these attackers – instead we are implying that they are smart enough to use company emails while targeting their efforts towards employees in organizations.
Posing As Legitimate Organizations
Ransomware removal companies found in their 2019 analysis of the problem that the emails in the Russian language were attached with zip files named ‘inf.zip’ and ‘info.zip’. These attachments were usually found as part of emails that mostly posing as updates on orders or were trying to act like legitimate organizations in Russia.
Some emails from this malicious campaign seemed to even be impersonating B&N – the Russian bank which recently went through a merger with Otkritie Bank. There were also some other emails that seemed to have come in from Magnit – the famous retail chain!
How to Stay Safe?
Avoiding a ransomware attack that belongs to this family of email threats is as simply as avoiding clicking links in the emails. If you think clicking the link is necessary