Cyber attacks on enterprises via Dropbox aren’t new – in fact, we were warning about them last year. However, bad actors routinely adjust their tactics, and this latest ransomware variation is a doozy.
As investigated by PhishMe, bad actors are sending ordinary-looking emails that claim to deliver a fax or invoice. However, when victims click the link to view the document, they download a .zip that contains a Windows Screensaver file embedded with malware. And since Windows treats screensaver files (.scr) the same way that it treats executable files (.exe), as soon as the program is run, the payload is delivered and the machine is infected.
That’s when things get nasty, because instead of reading a fax or invoice, victims are greeted with a variant of the CryptoLocker ransomware Trojan that encrypts select files, hurls the key to a remote server, and launches a browser pop-up that demands $500. What’s more, in an absurd business-like manner, victims who fail to take advantage of this “early bird offer” soon find that the ransom doubles to $1000. So far, it’s believed the campaign has infected over 300,000 computers, though it’s not sure how much money has been extorted.
What makes this type of ransomware campaign especially difficult to deal with, is that Dropbox – for all of its recent security improvements – is powerless to stop it. All it can do is tell users (for the 100th time) to be vigilant when it comes to opening emails, downloading attachments, and visiting websites. Beyond that, it’s up to users to be smart and safe.
The same lesson about being smart and safe can easily be applied to enterprises. It is up to enterprises to switch their network security paradigm from prevention to detection — so they can spot early-stage cyber attacks and prevent breaches from becoming infections.
Learn how today’s security teams are protecting themselves against cyber attacks with this White Paper, “Combating Advanced Persistent Threats through Detection.”
The post Ransomware Trojan Delivered via Fake Dropbox Email appeared first on Seculert Blog on Advanced Threats and Cyber Security.
