Microsoft Warns Holiday Shoppers About Ransomware In Scam Emails

Worried that you’ve gone a little overboard with your holiday spending this year? Then you’re exactly the kind of person that cybercriminals are hoping to reach with a new phishing campaign.


Microsoft has published a new post on its Malware Protection Center blog warning about scam emails that push the Cerber ransomware. The emails claim to notify potential victims of impending charges on their credit cards. To avoid the charges, the recipient is told to carefully follow the instructions in an attached document.

Scrutinize the phishing attempt and you’ll spot several things wrong. The sender’s name at the end of the message has no relation whatsoever to the email address it was sent from. The victim is greeted not by name but by the local-part of their email address. MasterCard isn’t capitalized correctly. There’s a digit missing from the supposed charges.

As Microsoft notes, very little effort has been put into making the message look believable. There are numerous red flags, and security-minded individuals will instantly hear Admiral Ackbar’s unmistakable voice telling them “It’s a trap!”

Image: Microsoft


Not everyone will hear it, of course. Scams like these persist because someone, somewhere is still willing to open attachments from unfamiliar sources. In those cases, sound judgement takes a back seat to the urgency and fear the email creates, and to its promise of a quick fix.

What Is Cerber?

Like other ransomware, Cerber scans a freshly-infected computer for specific file types, encrypts them, and then demands payment from the victim.

Shortly after it was discovered, security researchers found Cerber being peddled in Russian underground forums — where those with criminal aspirations can rent it as a service. One of Cerber’s more interesting features is that it’s geofenced.

When the malicious executable is launched for the first time, it checks whether the potential victim is located in Russia or one of the former Soviet republics. If so, Cerber won’t run. This is a common tactic for malware: Russian authorities tend not to be as quick to prosecute criminals if they aren’t targeting their countrymen.
