Psssst. It’s not really a love letter…
Roses are red
Violets are blue
Don’t click that link
You’ll catch a nasty case of ransomware (unless you’re Russian).
As romantic jingles go it may lack a certain je ne sais quoi, but then again, certain email deliveries being made today don’t really catch the spirit of Valentine’s Day either, with new research by email management company Mimecast showing that the threat actors behind ransomware GandCrab have launched a Valentine’s Day-themed phishing blitz.
Threat actors typically use holiday seasons and specific calendar dates throughout the year to target victims – often playing on emotions around events such as Valentine’s Day to entice them into clicking on malicious URLs and opening malicious attachments.
Too often they are knocking at an unlocked door – research shows that phishing is still among the greatest cybersecurity risks – and the volumes are huge: Microsoft alone detects approximately 200 million phishing emails monthly.
This week, fraudulent emails offering gifts, flowers and other services are the order of the day. Fake e-greetings, fake online customer surveys, malicious dating apps – used to harvest PII and financial credentials around Valentine’s Day – and more are all involved in the Valentine’s Day blitz by the cybercriminals using GandCrab, Mimecast said.
Features that differentiate GandCrab from other ransomware variants include the adoption of the DASH cryptocurrency to enable faster and more secure transactions; the identification of Russian victims (if the ransomware detects a Russian keyboard layout, it terminates execution); and the ability to tailor and send out individual ransom notes to victims (suggesting some element of a targeted attack).
The ransomware has been so prolific that cybersecurity company Bitdefender, Europol, the Romanian Police and the FBI have teamed up to release a free GandCrab ransomware decryptor, which allows those impacted to break the malware (up to version 5.03) without paying a ransom.
(The decryption tool can be downloaded from Bitdefender Labs or the No More Ransom website – a joint project between the National Dutch Police and Europol to combat ransomware at the European Union level.) GandCrab has infected over half a million victims since it was first detected in January 2018, according to Europol.