None But the Lonely Heart Would Fall for an Emoji



Researchers at Malwarebytes and X-Force IRIS have come across an ongoing phishing campaign that’s using romance-themed emails to distribute the Nemty ransomware, BleepingComputer reports. The emails have subject lines like “I love you,” “Letter for you,” “Will be our secret,” and “Can't forget you.” The body of the emails simply contains a winking emoji ;) and an attachment. The attachment’s file name begins with “LOVE_YOU” followed by a series of numbers.

Malwarebytes concludes that the attackers believe the cryptic nature of the message is enough to entice victims into opening the attachment. The messages also have the advantage of avoiding the typos that are often present in more verbose phishing emails.

The attachment is a ZIP archive containing a heavily obfuscated malicious JavaScript file which is also entitled LOVE_YOU. BleepingComputer notes that this file had a very low detection rate on VirusTotal at the time of its discovery, although it’s improved somewhat since then.

If the victim clicks on the JavaScript file, it will download and run the Nemty ransomware on their computer. Nemty is notable because it’s one of a growing number of ransomware strains that are beginning to incorporate data theft into their extortion schemes. Instead of simply encrypting data and holding the decryption key for ransom, these attackers steal their victims’ data before encrypting it. Then, if a victim refuses to pay, the attackers will threaten to leak or sell the stolen data online. This can have much more serious consequences for both the victim organization and its customers.

Employees need to know how to recognize social engineering hooks in order to avoid falling for this type of attack. Any mysterious email that contains an attachment or a link should be treated with suspicion, especially if it makes you want to click against your better judgment. New-school security awareness training can enable your employees to identify these tactics when they encounter them in the real world.
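As a technical complement to user awareness, the following added example (not code from Malwarebytes, X-Force IRIS or BleepingComputer) scores a raw email against the traits described above: the listed subject lines, a near-empty body, a "LOVE_YOU" plus digits attachment name, and a script file inside a ZIP. The function names, the five-character body threshold, the optional separator before the digits, the extra script extensions and the sample message are all assumptions made for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Traits from the campaign description above; the separator before the digits
# and the script extensions other than .js are assumptions.
SUBJECTS = {"i love you", "letter for you", "will be our secret", "can't forget you"}
NAME_RE = re.compile(r"^LOVE_YOU[_-]?\d+", re.I)
SCRIPT_EXT = (".js", ".jse", ".vbs", ".wsf")


def score_message(raw: bytes) -> list:
    """Return the campaign traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    if body is None or len(body.get_content().strip()) <= 5:
        hits.append("near-empty-body")
    for part in msg.iter_attachments():
        if NAME_RE.match(part.get_filename() or ""):
            hits.append("attachment-name")
        data = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(data)):
            # List member names only; nothing is extracted or executed.
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                if any(n.lower().endswith(SCRIPT_EXT) for n in zf.namelist()):
                    hits.append("script-in-zip")
    return hits


def build_sample(subject, body, zip_name, member):
    """Constructed test message; the ZIP member holds harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// harmless placeholder")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename=zip_name)
    return msg.as_bytes()


if __name__ == "__main__":
    print(score_message(build_sample("I love you", ";)", "LOVE_YOU_123456.zip", "LOVE_YOU.js")))
```

A script inside an archive is the most durable of these signals, since subject lines and file names change from one campaign to the next; a gateway policy could quarantine on that trait alone and use the others to raise confidence.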

BleepingComputer has the story: https://www.bleepingcomputer.com/news/security/nemty-ransomware-actively-distributed-via-love-letter-spam/

