
Cybercriminals leverage ‘Fake CDC Flu’ warning to distribute GandCrab 5.2 ransomware

  • The attack begins with users receiving a fake CDC email.
  • In order to make it less suspicious, the email is distributed under the subject line of ‘Flu Pandemic Warning’.

The infamous GandCrab is back in a new phishing campaign. Here, the attackers are using a fake Center for Disease Control (CDC) warning to distribute the GandCrab 5.2 ransomware onto victims’ systems.

How does it work – As per My Online Security, the attack begins with users receiving a fake CDC email. To make it look less suspicious, the email is sent with the subject line ‘Flu Pandemic Warning’. However, a close look reveals that the sender is ‘Peter@eatpraynope[.]com’, an address that has nothing to do with the CDC.

“To confuse the issue even more the subject line was written in what looks like a mix of Cyrillic & western characters & encoded in UTF8 format so a computer will automatically translate / decode it. When I first tried to post this, I got a garbled mess of characters in the url to this post where the Copy & pasting from the email picked up the utf8 format,” the researchers explained.
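The two tells described above, a sender domain unrelated to the CDC and a UTF-8 encoded subject that mixes Cyrillic and Latin letters, can be checked mechanically when triaging mail. The Python code below is an added example, not code from My Online Security or from the original article; the sample message, the `mailer.example` domain, the brand allow-list and the lookalike table are constructed assumptions.

```python
import unicodedata
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Constructed sample, not the campaign email. The Subject is an RFC 2047
# encoded-word; =D0=B0 and =D0=B5 are Cyrillic lookalikes of Latin "a" and "e".
SAMPLE = (
    "From: Centers for Disease Control <peter@mailer.example>\n"
    "Subject: =?UTF-8?Q?Flu_P=D0=B0nd=D0=B5mic_W=D0=B0rning?=\n"
    "\n"
    "Please read the attached notice.\n"
)

# Assumed allow-list for illustration: brand keyword -> legitimate sender domains.
BRAND_DOMAINS = {"disease control": {"cdc.gov"}, "cdc": {"cdc.gov"}}

# Small illustrative subset of Cyrillic letters that render like Latin ones.
LOOKALIKES = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0443\u0445\u0456", "aeopcyxi")

def scripts(word):
    """Script names (LATIN, CYRILLIC, ...) of the letters in one word."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in word if c.isalpha()}

def mixed_script_words(text):
    """Words that combine letters from more than one script."""
    return [w for w in text.split() if len(scripts(w)) > 1]

def analyze(raw):
    """Decode the headers and report both phishing tells for one message."""
    msg = message_from_string(raw)
    subject = str(make_header(decode_header(msg["Subject"])))
    name, addr = parseaddr(msg["From"])
    domain = addr.rpartition("@")[2].lower()
    skeleton = subject.translate(LOOKALIKES)  # what a reader believes it says
    claimed = f"{name} {skeleton}".lower()
    # A brand named in the display name or subject, sent from a foreign domain.
    mismatch = sorted(b for b, ok in BRAND_DOMAINS.items()
                      if b in claimed and domain not in ok)
    return {"subject": subject, "skeleton": skeleton, "domain": domain,
            "mixed_words": mixed_script_words(subject), "brand_mismatch": mismatch}

if __name__ == "__main__":
    for key, value in analyze(SAMPLE).items():
        print(f"{key}: {value!r}")
```

Keyword filters that match on the raw subject miss this message because the decoded string is not byte-equal to "Flu Pandemic Warning"; matching on the skeleton and flagging mixed-script words closes that gap.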

The email includes a malicious doc that appears to contain instructions on how to prevent flu. When users click the doc, GandCrab 5.2 is unleashed and gets installed on their computers.

“The Word doc attachment is almost empty with just an Urgent Notice Heading. The scumbags trying to compromise you are hoping that you will enable content & editing to enable the macros that let this run,” said researchers.

Encryption process – Once installed, the ransomware encrypts the victims’ files and leaves behind a warning note, asking for ransom.

“The C2 for this is a well known site ‘https[:]//www.kakaocorp.link/static/tmp/eshe[.]png’ where the ransomware posts encrypted / encoded details about the compromised computer,” read the report.

To stay safe, users are urged to ignore such emails and not to click the link or open the malicious doc, as doing so can infect their systems.
