silversurfer
Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
- Aug 17, 2014
- 10,057
Read more below:BSI, the German national cybersecurity authority, has issued a warning regarding a malspam campaign that distributes the Sodinokibi ransomware via emails designed to look like official BSI messages.
The mails are sent from the meldung @bsi-bund.org email address and, according to the BSI, the individuals targeted by this attack should not "open mails, links and attachments from this sender!" The official BSI email domain is bsi.bund.de according to CERT-Bund.
By using "Warnmeldung kompromittierter Benutzerdaten" as the subject line — which translates to "Warning message of compromised user data" — the attackers are trying to trick their targets into reacting to the bait out of curiosity and to open the infected attachments without giving it a second thought.
BleepingComputer independently tested and confirmed that the ZIP attachment delivered by this campaign will infect the targets after launching the Windows shortcut camouflaged as a PDF document within the archive.
Sodinokibi Ransomware Distributed by Hackers Posing as German BSI
BSI, the German national cybersecurity authority, has issued a warning regarding a malspam campaign that distributes the Sodinokibi ransomware via emails designed to look like official BSI messages.
www.bleepingcomputer.com
Last edited: