Crypto-Ransomware Targets 20 Million Inboxes

LASER_oneXM

Security researchers are warning of another major crypto-ransomware campaign which has so far been observed attacking 20 million user inboxes.

The threat, discovered in the second half of this week, arrives, as many similar ransomware attacks do, in the form of an unsolicited email.

The email itself is spoofed to appear to come from a legitimate source, and the attachment name and number are included in the subject line and body of the message, for example: “Emailing: Payment_201708-6165”.

“This attachment is a JavaScript file in a 7zip archive that the Barracuda ATP Dynamic Analysis Layer identifies as a ‘file-encryption/ransomware’ type virus,” explained Barracuda Networks lead platform architect, Eugene Weiss.

He added that the best course of action is to have in place dedicated email security which will block the attack before it even arrives in the network.

The alert is just the latest in a long line of large-scale ransomware threats which have dominated 2017 so far.
 

Fritz

An attachment with a .js extension should immediately increase suspicion, raising the attention threshold, even before the AV gives its opinion (just in case).
Indeed; why would you open an attachment named Payment xyz in an unsolicited mail from some unknown account in the first place? o_O
A brain roughly approaching the size of a peanut should provide adequate protection already…
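The delivery pattern described in this thread (a 7zip attachment whose name is echoed in an "Emailing: ..." subject, and script attachments such as .js) can be checked mechanically at a mail gateway. The sketch below is an added example, not part of the original posts and not Barracuda's detection logic; the function names, reason strings, and extension block list are assumptions, and it identifies the archive by its magic bytes without unpacking it.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

SEVEN_ZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"        # first six bytes of every 7z archive
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf")  # assumed block list, extend as needed
# Shape of the subject quoted in the article: "Emailing: Payment_201708-6165"
LURE_SUBJECT = re.compile(r"^Emailing: \w+_\d{6}-\d+$")

def triage(raw: bytes) -> set[str]:
    """Return the reasons a raw message should be quarantined (empty set = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip()
    reasons = set()
    if LURE_SUBJECT.match(subject):
        reasons.add("lure-subject")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Trust the content, not the file name: a renamed archive is still an archive.
        if data.startswith(SEVEN_ZIP_MAGIC):
            reasons.add("7z-archive")
            if not name.endswith(".7z"):
                reasons.add("7z-disguised-by-extension")
        if name.endswith(SCRIPT_EXTS):
            reasons.add("script-attachment")
        # The campaign repeats the attachment name in the subject line.
        stem = name.rsplit(".", 1)[0]
        if stem and stem in subject.lower():
            reasons.add("attachment-name-in-subject")
    return reasons

def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Construct a test message; addresses and content are made up for the demo."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Please see the attached file.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    fake_7z = SEVEN_ZIP_MAGIC + b"\x00" * 26   # constructed header bytes, not a real archive
    print(sorted(triage(build_sample("Emailing: Payment_201708-6165",
                                     "Payment_201708-6165.7z", fake_7z))))
```

A message that returns a non-empty set would be held for review rather than delivered; legitimate senders of 7z archives would need an allow-list, which this sketch does not implement.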
 
