And the beat keeps going when it comes to ransomware scams, this time targeting U.S. government agencies. That’s according to Proofpoint researchers who identified a ransomware scam that sends out emails with an embedded malicious URL instead of attaching infected code to the email message itself.
The ransomware, dubbed CryptFile2, was first discovered in March, but now, the security researchers have found the ongoing campaign has adapted its way of tricking people, now using embedded URL links to deliver the ransomware.
“Between Aug. 3 and Aug. 9, Proofpoint detected a large CryptFile2 ransomware email campaign,” the researchers said. “Bucking the more common trend of attaching malicious documents to emails, this campaign used embedded malicious URLs that led recipients to download Microsoft Word documents. If opened, these documents employ a social engineering lure to entice the user to enable malicious macros. The macros, in turn, download the final ransomware payload.”
Prooftpoint said the email messages used in the ransomware campaign used convincing email text in the body and have an array of subject lines referencing things like an American Airlines discount, bonus from American Airlines and free fly with American Airlines. Proofpoint said the campaign is mainly aimed at state and local government agencies, followed by K-12 education. Messages came through in smaller numbers for health care, post-secondary education and several other industries.
While ransomware attacks are largely aimed at individuals, attacks against companies are growing in occurrence because hackers have witnessed what lengths people and companies will go to to get their data back. According to Symantec’s Ransomware and Businesses 2016 report, while individuals accounted for 57 percent of the recorded ransomware attacks in 2015, attacks on companies and larger organizations increased at the end of the year. Because companies are willing to pay up, hackers saw that and upped the number of attacks at the end of the year. “A growing number of gangs are beginning to focus on targeted attacks against large organizations,” Symantec said in the report. “Although more complex and time-consuming to perform, a successful targeted attack on an organization can potentially infect thousands of computers, causing massive operational disruption and serious damage to revenues and reputation.”