A new ransomware attack targeting Amazon users has been detected, using a spoofed sender address. Ironically, the campaign has surfaced just as new survey numbers show that most consumers are clueless about ransomware and what to do about it.
Comodo Threat Research Labs said in an alert that a rash of phishing emails have been sent to users supposedly originating from Amazon.com— with the sender email reading “auto-shipping@amazon.com.” Reportedly, there is no body to the email, but the subject is “Your Amazon.com order has dispatched (#code).” The components that do the damage are the attachments, which are included as Microsoft Word documents.
“This latest attack only increases the call to action to strengthen security measures,” the researchers said. “Cybercriminals adapt to attempts to block them, constantly creating new and more insidious strains of malware.”
When the documents were analyzed, it was determined there was no copy, only macro codes. Unsuspecting recipients are prompted to enable the contents of the documents so that the macro codes are then executed. This allows an executable file to be downloaded and to run.
That file is—you guessed it—actually ransomware.
Specifically, the payload appears to be the Locky ransomware, which searches for and encrypts user files. Then the original files are deleted and replaced with the encrypted files named “%hashvariable%locky,” in the same folders as the original files. Users are then of course encouraged to pay the ransom to get their data back.
The number of affected users is not yet available, but it is believed to be a far-reaching campaign.
That’s concerning given new research data from Kaspersky Lab, which reveals that almost half (43%) of connected consumers do not know what ransomware is, despite its recent aggressive spread. A similar number (44%) confessed that they did not know what data or information could be stolen in a ransomware attack.
Moreover, it’s not a clear concern for even those of a tech-savvy generation: only 13% of Millennials said they were worried about ransomware in general.
However, since consumers store emotionally and financially valuable content on their digital devices, 26% of Americans and 24% of Canadians said they would be willing to give up social media permanently in order to guarantee the future protection of their personal digital files.
Also, many respondents would not know what to do if a ransom attack occurred. The survey found that 15% of Americans and 17% of Canadians think unplugging the computer or turning off the mobile device could stop it, with a small amount even believing negotiating with the attacker is the best way to stop the attack. The findings also indicated that the percentage of those surveyed who would not know what steps to take in a ransomware attack grew with increasing age, from 37% of those aged 16-34 to 54% of those aged 55+.
“Right now, ransomware is an epidemic. Although it has been around for more than a decade, we have seen a recent explosion of new ransomware families that is cause for serious concern,” said Ryan Naraine, head of the Global Research and Analysis team in the US for Kaspersky Lab. “With this epidemic, the need for increased consumer awareness about ransomware is essential. Consumers today must not only learn about ransomware, but also use solutions to protect themselves against it, including installing internet security, making sure all devices are updated with available software patches, routinely backing up all important digital assets and implementing better user habits.”
Photo © LeoWolfert