Cyber Operations Platform Endgame has unearthed a new variant of ransomware that disguises itself as an email with tracking details for a “recent order”.
According to a blog post on the firm’s website, a researcher recently stumbled across a suspicious set of emails which detailed the successful delivery of a package. These were soon determined to be part of a widespread spam campaign attempting to deliver TeslaCrypt 4.1A to individuals who click on the link provided within the message.
Endgame were quick to point out the scam has appeared at an interesting and potentially very damaging time. Millions of Americans have just filed their taxes, and many could be looking out for some sort of tracking information regarding their returns, so they may be likely to inadvertently click on a link in one of these malicious emails and find their files locked down.
“Ransomware has become one of the most effective and efficient methods cyber-criminals use to gain access to a victim’s banking details,” Sian John, EMEA chief strategist at Symantec, told Infosecurity. “Mainly as it restricts consumers’ access to their personal data and devices, making the payment of the demanded ransom seem like the best solution for victims to regain access to their accounts.”
In the post, Endgame explained that this malware exhibits an even greater variety of anti-analysis and evasion features than previous TeslaCrypt types, integrating various obfuscation and deception techniques that are indicative of the larger trend in ransomware towards more refined and multi-faceted capabilities.
John said that ransomware is continuously evolving with cyber-criminals adopting multiple changes in how they deliver these attacks, leading to greater effectiveness.
“Over the past year we’ve observed multiple aggressive ransomware attacks which encrypt all of a victim’s digital content and hold it hostage until a ransom is paid.”
“Consumers should be mindful of the way they share personal data online and should make sure to use strong and unique passwords for all online accounts. Furthermore, people should always think before they click and remain wary of any suspicious e-mails, pop-ups or websites. Social engineering and ransomware attacks attempt to trick consumers into thinking their computer is infected, requiring ransom which consumers must not pay under any circumstances. Above all, keeping an offline backup of your data and the use of an up-to-date multi-layered advanced threat protection software is a must for both consumers and organizations,” John added.