As the dust begins to settle, it’s clear that victims of the ransomware attack are not out of the woods yet. Researchers at Malwarebytes have discovered an email phishing campaign designed to kick Kaseya’s victims while they’re down. Masquerading as a fix for the REvil ransomware attack, the email is just another opportunistic phishing attack.
Malwarebytes Warns of the Phishing Campaign
The Threat Intelligence Team at Malwarebytes tweeted about a threat that could affect anybody, not just victims of the Kaseya attack. The “malspam” – malicious email spam – claims to contain a fix from Microsoft that will patch the vulnerability responsible for the Kaseya attack. It attempts to fool people into downloading an .exe (executable) file. This is a type of file that installs software onto your computer. The attachment is actually a disguised penetration testing software file known as Cobalt Strike. Penetration testers look for vulnerabilities in computer networks. Ordinarily, businesses use their services to look for weaknesses in their networks that could leave them open to cyber attacks. However, threat actors – like cybercriminals – have found a way to turn the software against networks as a way of delivering malware.
If a victim opens the attachment and installs Cobalt Strike, a third party could use the software to break into the victim’s machine. It’s not yet clear who is responsible for this latest incident. REvil hasn’t claimed responsibility, and Malwarebytes has not yet indicated who could be behind the phishing campaign.
Fortunately, there are steps that you can take to protect yourself. You can avoid becoming a victim of email phishing campaigns by following a few simple pieces of advice:
Set up your spam filter properly in your email inbox. Only provide your details to known, secure websites when browsing online. Don’t download any attachments from emails unless you recognise the sender. Never download .exe files.
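For anyone who filters mail on behalf of others, the advice about .exe attachments can be checked automatically. The sketch below is an added example, not part of the original article or of Malwarebytes' report: it flags attachments by their final extension and by the "MZ" bytes that begin Windows executables, so a renamed file is still caught. The sample message, addresses and filenames are constructed placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Extensions Windows runs directly (the article names .exe; the rest are common equivalents).
RISKY_EXTENSIONS = {".exe", ".scr", ".com", ".pif"}

def executable_attachments(raw: bytes):
    """Return [(filename, [reasons])] for attachments that look executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reasons = []
        # The last suffix decides what Windows runs, so "x.pdf.exe" is caught.
        if PurePosixPath(name).suffix.lower() in RISKY_EXTENSIONS:
            reasons.append("executable extension")
        # Windows PE files start with "MZ", whatever the attachment is called.
        if data[:2] == b"MZ":
            reasons.append("MZ header")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample() -> bytes:
    """Constructed message: names and bytes are placeholders, not real samples."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Constructed sample: security update"
    msg.set_content("Please install the attached update.")
    stub = b"MZ" + b"\x00" * 62  # only the two magic bytes matter here
    msg.add_attachment(stub, maintype="application", subtype="octet-stream",
                       filename="update-SAMPLE.pdf.exe")
    msg.add_attachment(stub, maintype="application", subtype="pdf",
                       filename="guide-SAMPLE.pdf")
    msg.add_attachment("plain notes\n", filename="notes-SAMPLE.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in executable_attachments(build_sample()):
        print(f"{name}: {', '.join(reasons)}")
```

A check like this only covers bare attachments; executables inside archives or behind links need separate handling.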
For more information on keeping yourself safe online in the face of phishing attacks, check out our full article on phishing campaigns.
CISA and FBI Issue Advice for Kaseya Victims
Following the original ransomware attack, the CISA (Cybersecurity and Infrastructure Security Agency) and FBI (Federal Bureau of Investigation) have issued some advice for affected companies and customers.
What is Ransomware?
Ransomware is a type of malware (malicious software) that uses encryption to lock down a computer. Once the files are encrypted, the software quite literally holds the computer to ransom. If you’ve been affected, then you’ll be unable to access any of your files, applications, or other computer software. The problem has grown to such an extent that the term RaaS, or ransomware-as-a-service, has started to gain a foothold. Some software developers create this software and sell it to cybercriminals. Then, they benefit financially when cybercriminals use the software by taking a cut of any payments made by victims. The rise in popularity of cryptocurrencies like bitcoin (BTC) hasn’t helped matters, as cybercriminals can siphon off funds with near impunity. Unlike cash, cryptocurrency cannot easily be tracked. This makes it a huge benefit for the dark net and cybercriminals engaging in illicit acts.