None But the Lonely Heart Would Fall for an Emoji

Stu Sjouwerman | Mar 3, 2020

Researchers at Malwarebytes and X-Force IRIS have come across an ongoing phishing campaign that’s using romance-themed emails to distribute the Nemty ransomware, BleepingComputer reports. The emails have subject lines like “I love you,” “Letter for you,” “Will be our secret,” and “Can't forget you.” The body of the emails simply contains a winking emoji ;) and an attachment. The attachment’s file name begins with “LOVE_YOU” followed by a series of numbers.

Malwarebytes concludes that the attackers believe the cryptic nature of the message is enough to entice victims into opening the attachment. The messages also have the advantage of avoiding the typos that are often present in more verbose phishing emails.

The attachment is a ZIP archive containing a heavily obfuscated malicious JavaScript file, which is also named LOVE_YOU. BleepingComputer notes that this file had a very low detection rate on VirusTotal at the time of its discovery, although it’s improved somewhat since then.

If the victim clicks on the JavaScript file, it will download and run the Nemty ransomware on their computer. Nemty is notable because it’s one of a growing number of ransomware strains that are beginning to incorporate data theft into their extortion schemes. Instead of simply encrypting data and holding the decryption key for ransom, these attackers steal their victims’ data before encrypting it. Then, if a victim refuses to pay, the attackers will threaten to leak or sell the stolen data online. This can have much more serious consequences for both the victim organization and its customers.

Employees need to know how to recognize social engineering hooks in order to avoid falling for this type of attack. Any mysterious email that contains an attachment or a link should be treated with suspicion, especially if it makes you want to click against your better judgment. New-school security awareness training can enable your employees to identify these tactics when they encounter them in the real world.
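The lure traits reported above (the subject lines, the LOVE_YOU attachment name, a script file inside a ZIP) can also be checked at the mail gateway. The following is an added example, not code from Malwarebytes, X-Force IRIS or BleepingComputer; the function names, the tolerated separator in the file-name pattern, the extra script extensions and the sample message are assumptions made for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Traits taken from the campaign description on this page.
SUBJECTS = {"i love you", "letter for you", "will be our secret", "can't forget you"}
NAME_RE = re.compile(r"^LOVE_YOU[\W_]*\d+", re.IGNORECASE)  # optional separator is an assumption
SCRIPT_EXT = (".js", ".jse", ".vbs", ".wsf")  # .js is from the page; the rest are added assumptions


def triage(raw: bytes) -> list[str]:
    """Return the reasons a message matches the reported lure; empty list = no match."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if (msg["subject"] or "").strip().lower().replace("’", "'") in SUBJECTS:
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if NAME_RE.match(name):
            reasons.append("attachment-name")
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()  # reads the directory only, nothing is extracted
        except zipfile.BadZipFile:
            reasons.append("unreadable-zip")
            continue
        if any(m.lower().endswith(SCRIPT_EXT) for m in members):
            reasons.append("script-in-zip")
    return reasons


def build_sample(subject: str, att_name: str, member: str) -> bytes:
    """Constructed test message; the ZIP member holds inert text, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// inert placeholder")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.test", "b@example.test"
    msg.set_content(";)")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=att_name)
    return msg.as_bytes()
```

The "script-in-zip" reason is the most durable of the three, since subject lines and file names change between campaigns while a script delivered inside an archive rarely has a business justification.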

BleepingComputer has the story: https://www.bleepingcomputer.com/news/security/nemty-ransomware-actively-distributed-via-love-letter-spam/
