December 14, 2016 by

Microsoft is Warning Christmas Shoppers about Ransomware

In a new post on its Malware Protection Center blog, software giant Microsoft has warned customers about ransomware cybercriminals targeting online shoppers through a phishing campaign.

Cybercriminals and malware authors are pushing Cerber, a strain of ransomware, through a phishing campaign that purports to notify targets about impending charges on their credit cards. The ‘helpful’ email also provides instructions on how to avoid these charges, via an attached document. Unsuspecting individuals may fall prey to the phishing scam, which delivers the Cerber ransomware instead.

The emails aren’t without their flaws and close scrutiny reveals a number of red flags. For instance, the sender’s name at the foot of the message has no relation to the email address it was sent from. Digits are missing from the supposed pending charges.

Highlighting the flaws, the Microsoft blog read:

The email itself is crude and shows almost no attempt to feign legitimacy. It contains some typographical errors, such as the missing number between the dollar sign and the comma in our sample. Also, users who are careful enough will likely notice that the sender address does not match the signatory.

Still, the emails are deemed effective malware vectors as they push for an urgent remedy by insisting that victims open the attached document. The payload is a macro downloader embedded in a Word document. Although all editions of Word from Office 2010 disable macros by default in ‘Protected View’, the authors behind the malware even include detailed instructions to enable macros in order to trigger the payload.
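The red flags described above (a malformed amount, a signatory that does not match the sender address, and a macro-capable Word attachment) can be turned into a simple mail-triage check. The following is an added example, not code from Microsoft or from this article; the sample message is constructed, and the heuristics and flag names are assumptions chosen for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample message (not the real lure): amount with the digits
# missing, signatory unrelated to the sender address, Word attachment.
SAMPLE = """\
From: billing <j.doe@example.com>
Subject: Pending charge on your card
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Your card will be charged $,300 today. To avoid the charge,
open the attached document and follow the instructions.

Regards,
Maria Smith
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="details.doc"

AAAA
--b1--
"""

MACRO_CAPABLE = (".doc", ".docm", ".dot", ".dotm")  # assumed extension list
BAD_AMOUNT = re.compile(r"\$\s*,")  # dollar sign followed directly by a comma

def red_flags(raw: str) -> list[str]:
    """Return heuristic flag names (hypothetical labels) for one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    flags = []
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    if BAD_AMOUNT.search(body):
        flags.append("malformed-amount")
    # Assumption: the last non-empty body line is the signatory's name.
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    local = parseaddr(str(msg["From"] or ""))[1].split("@")[0].lower()
    tokens = re.findall(r"[a-z]{3,}", lines[-1].lower()) if lines else []
    if tokens and not any(t in local for t in tokens):
        flags.append("signatory-sender-mismatch")
    for att in msg.iter_attachments():
        if (att.get_filename() or "").lower().endswith(MACRO_CAPABLE):
            flags.append("macro-capable-attachment")
    return flags
```

Each flag is weak on its own; a message that raises several of them is a reasonable candidate for quarantine or analyst review.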

The Cerber ransomware is often found in Russian underground forums and is notably geofenced: the ransomware initially checks to see if the potential victim is located in Russia or in any one of the former Soviet states. If the victim is located in the region, the ransomware won’t run.

Microsoft recommends that Windows users update Windows Defender, the software firm’s built-in security software, to the latest definitions to detect and avoid this strain of ransomware.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
