Warning: Email promising protection from ransomware is actually malware

June 7, 2021

By Kim Komando

Throughout history, there have been several high-profile security breaches and malware attacks. One of the more infamous happened in 2011 when a hacker breached the PlayStation Network. This exposed the details of 70 million people.

Arguably the biggest hack occurred in 2010, when the now-infamous Stuxnet virus infected nuclear power facilities in Iran, stealing data and disabling them. The effects of the breach reverberated around the world, and companies scrambled to strengthen their systems.

More recently, the breach of Colonial Pipeline drew global attention to ransomware. That incident has since been resolved, but cybercriminals are now using it as a lure to spread malware.

Here’s the backstory

Colonial Pipeline was reportedly breached by using a compromised password, and the fuel distributor was held for ransom. The company eventually paid hackers $4.4 million after gas prices rose across the country.

Cybercriminals are now using the details of that ransomware attack to launch new malware campaigns against everyday internet users. People are receiving emails claiming their company’s email system needs updating to prevent an attack similar to the one on Colonial Pipeline.

Of course, the email is completely bogus, and clicking the supplied link will infect your device with malware. The cybersecurity company Inky received numerous complaints from users who had received these “helpdesk” emails.

The malicious email states: “Given the recent ransomware attack against Colonial Pipeline and many other organizations, (the user’s company) is requiring all employees to run a new update that will help the system detect and prevent the latest strains of ransomware.”

Image: the malicious “helpdesk” email (Image source: Inky)

In a blog post, Inky detailed that the cybercriminals sent the phishing emails from newly created domains. It points out that these domains look innocuous enough that anti-phishing software does not flag them.

What you can do about it

If you receive an email that seems strange, don’t click on included links or open attachments. If it appears to come from your company, contact the IT department directly, rather than through the email itself, to check its legitimacy.
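One way a mail gateway could act on the two observations above (sender domains registered only days earlier, and a lure that invokes Colonial Pipeline to push an “update”) is shown in this added example; it is not code from the article or from Inky. The domain registration dates, the lure-term list and both sample messages are constructed for illustration; a real filter would replace the DOMAIN_CREATED table with a WHOIS/RDAP lookup.

```python
"""Added example: flag 'ransomware update' lures sent from newly registered domains."""
from datetime import date
from email import message_from_string
from email.utils import parseaddr

# Constructed registration dates standing in for a WHOIS/RDAP domain-age lookup.
DOMAIN_CREATED = {
    "example-corp.com": date(2009, 3, 14),
    "helpdesk-update-example.com": date(2021, 5, 28),
}
LURE_TERMS = ("ransomware", "colonial pipeline", "update", "all employees")
MAX_DOMAIN_AGE_DAYS = 30
ARTICLE_DATE = date(2021, 6, 7)  # the 'today' used for the samples below

def sender_domain(raw_message):
    """Lowercase domain of the From: header, or '' if there is no address."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def classify(raw_message, today):
    """Return signals for one message: sender-domain age and lure wording."""
    msg = message_from_string(raw_message)
    body = (msg.get_payload(decode=True) or b"").decode("utf-8", "replace")
    text = (msg.get("Subject", "") + "\n" + body).lower()
    domain = sender_domain(raw_message)
    created = DOMAIN_CREATED.get(domain)
    age = (today - created).days if created else None  # None: no record
    hits = [t for t in LURE_TERMS if t in text]
    young = age is None or age <= MAX_DOMAIN_AGE_DAYS
    # A young or unknown sender domain combined with two or more lure terms is
    # the pattern Inky describes; either signal alone is not enough to flag.
    return {"domain": domain, "age_days": age, "lure_terms": hits,
            "suspicious": young and len(hits) >= 2}

# Constructed sample messages: a lure modelled on the one quoted above and a
# routine internal mail from a long-registered domain.
SAMPLE_PHISH = """\
From: IT Helpdesk <helpdesk@helpdesk-update-example.com>
Subject: Mandatory ransomware update for all employees

Given the recent ransomware attack against Colonial Pipeline, all employees
must run a new update that will help the system detect the latest strains.
"""
SAMPLE_LEGIT = """\
From: Payroll <payroll@example-corp.com>
Subject: Timesheets due Friday

Reminder that timesheets are due by the end of the day on Friday.
"""
```

Calling classify(SAMPLE_PHISH, ARTICLE_DATE) reports a 10-day-old sender domain and four lure terms, so the message is flagged; the payroll sample is not.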

“In this highly customized attack, the malicious site used the target company’s logo and imagery. The ‘Download’ button was set to download malware called Cobalt Strike. It’s a legitimate penetration-testing tool that has been deeply abused by bad actors since its source code was leaked in late 2020,” Inky explained.

Once your computer is infected, cybercriminals will be able to steal personal and company data, including banking details.


https://www.komando.com/news/colonial-pipeline-phishing-attacks/