Network’s Plus is vigilant in our efforts to ensure the safety and protection of our clients. We keep and ear and eye out on all new attempts at Ransomware. The newest attempt can be found below in an article written by Knowbe4
|Heads-Up! Voice Message Notification Email Warning Could Be Ransomware|
|Don’t play voice mail messages from suspicious sources. Xavier Mertens at the SANS Internet Storm Center had a great item that we have been warning against for a while now.
He started out with: “Bad guys need to constantly find new ways to lure their victims. If billing notifications were very common for a while, not all people in a company are working with such kind of documents. Which types of notification do they have in common? All of them have a phone number and with modern communication channels… everybody can receive a mail with a voice mail notification. Even residential systems can deliver voice message notifications.”
One of the currently most prevalent ransomware strains called Cerber has even experimented with text-to-speech synthesizers to threaten victims to pay the ransom.
This new voice mail attack email arrives with an attachment, which supposedly contains a voice message, in a .wav file compressed in .zip folder. The folder actually contains hidden malicious code that will install ransomware and renames files to [original file name].crypted.
The delivery mechanism may be exploiting the fact that missed call notification emails are enabled by default in Microsoft Outlook.
Consumers appear to be the first target of this ransomware campaign according to Mertens. The initial phishing attack campaign contained a voice message regarding a modem from Vigor, a UK distributor of ADSL modems for the residential market.
As we all know, the bad guys use the UK as a beta test for their attacks, and debug the whole campaign before they unleash it on the U.S. So use this as a heads-up and alert your users that they need to watch out.
I recommend you send your employees, friends and family something like this, you’re welcome to copy/paste/edit:
“Bad guys have found a new way to trick people into infecting their PC with ransomware. This time it looks like a Microsoft email that tells you about a voice mail that was left for you, and wants you to play the voice mail.
The email has an .zip attachment that supposedly has the voice mail message in a .wav file. However, if you unzip the file, the ransomware will encrypt all the files on your computer and possibly all files on the network if you have access. You only get your files back if you pay around 500 dollars.
Do not click on links in “voice mail” emails from someone you do not know, and certainly do not open any attachments!
Remember, Think Before You Click!
Here is the blog post with a screenshot, showing how this looks: