December 14, 2016 by

Microsoft is Warning Christmas Shoppers about Ransomware

In a new post on its Malware Protection Center blog, software giant Microsoft has warned customers about ransomware cybercriminals targeting online shoppers through a phishing campaign.

Cybercriminals and malware authors are pushing Cerber, a strain of ransomware, through a phishing campaign that purports to notify targets about impending charges on their credit cards. The ‘helpful’ email also provides instructions on how to avoid these charges, via an attached document. Unsuspecting individuals can fall prey to the phishing scam, which delivers the Cerber ransomware instead.

The emails aren’t without their flaws and close scrutiny reveals a number of red flags. For instance, the sender’s name at the foot of the message has no relation to the email address it was sent from. Digits are missing from the supposed pending charges.

Highlighting the flaws, the Microsoft blog read:

The email itself is crude and shows almost no attempt to feign legitimacy. It contains some typographical errors, such as the missing number between the dollar sign and the comma in our sample. Also, users who are careful enough will likely notice that the sender address does not match the signatory.

Still, the emails are deemed effective malware vectors as they push for an urgent remedy by insisting that victims open the attached document. The payload is a macro downloader embedded in a Word document. Although all editions of Word from Office 2010 disable macros by default in ‘Protected View’, the authors behind the malware even detailed instructions on how to enable macros in order to trigger the payload.
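The red flags described above (an amount with digits missing after the dollar sign, a signatory unrelated to the sender address, and a Word attachment the reader is urged to open) can be checked mechanically at a mail gateway or during triage. The sketch below is an added example, not code from Microsoft or from this article; the function names, flag labels, and the sample message are constructed for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

WORD_EXTS = (".doc", ".docm", ".dot", ".dotm")  # Word formats that can carry macros

def red_flags(msg):
    """Return the red flags from the article that this message shows."""
    flags = []
    body_part = msg.get_body(preferencelist=("plain",))
    body = body_part.get_content() if body_part else ""
    # 1. Amount with digits missing: a dollar sign followed directly by a comma.
    if re.search(r"\$\s*,", body):
        flags.append("malformed-amount")
    # 2. Signatory (last non-empty body line) unrelated to the sender address.
    lines = [l.strip() for l in body.splitlines() if l.strip()]
    display, addr = parseaddr(str(msg.get("From", "")))
    sender = (display + " " + addr.split("@")[0]).lower()
    if lines:
        name_tokens = re.findall(r"[a-z]{3,}", lines[-1].lower())
        if name_tokens and not any(t in sender for t in name_tokens):
            flags.append("signatory-mismatch")
    # 3. Word attachment, the delivery vehicle for the macro downloader.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(WORD_EXTS):
            flags.append("word-attachment")
            break
    return flags

def build_sample():
    """Constructed message modelled on the description above (not a real sample)."""
    msg = EmailMessage()
    msg["From"] = "billing <k.walsh@example.com>"
    msg["Subject"] = "Pending charge on your card"
    msg.set_content(
        "Your card will be charged $,764.00 today.\n"
        "To avoid the charge, follow the steps in the attached document.\n\n"
        "Regards,\nMartin Doyle\n"
    )
    msg.add_attachment(b"constructed placeholder bytes", maintype="application",
                       subtype="msword", filename="invoice.doc")
    return msg

if __name__ == "__main__":
    print(red_flags(build_sample()))
```

These are heuristics for prioritising review, not a verdict: a message that shows none of them can still be malicious.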

The Cerber ransomware is often found in Russian underground forums and is notably geofenced: the ransomware initially checks whether the potential victim is located in Russia or in any one of the former Soviet states. If the victim is located in the region, the ransomware won’t run.

Microsoft recommends that Windows users update Windows Defender, the software firm’s built-in security software, to the latest definitions to detect and avoid the strain of ransomware.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
