CryptoLocker Clone Serves Up Energy Bill Spam Campaign



And here's another ransomware wannabe that has ripped off the CryptoLocker brand but is something totally different. A recent spam campaign sending out emails masquerading as an Australian energy company is serving up the CryptoLocker malware... or at least that's what the spammers want you to think.

Once users become infected, they are told they are infected with CryptoLocker. However, upon further research, Symantec discovered that the malware is not related to the original CryptoLocker virus and is merely a copycat attempting to cash in on the hype and infamy of CryptoLocker.

Energy bill gives users a shock

To infect users with the crypto malware, the spammers use a fake bill to lure recipients to a malicious website. However, the malware is not hosted on that site; the site is just an evasive manoeuvre to get past any link-following technologies. The email appears to be a legitimate electronic bill, complete with a balance outstanding. The recipient just has to click a link to view their bill. Here is an example:

 

[Image: Ebill Crypto 1]

Symantec advises users to be cautious of emails that request new or updated personal information. Users should also avoid clicking on links in suspicious messages. I would add that it's now an essential piece of your defense-in-depth puzzle to step your users through effective Kevin Mitnick Security Awareness Training to prevent ransomware infections like this.

 

 

 

 

 

 

 

 

 



