Cyber crooks use fake CDC emails to spread GandCrab v5.2 ransomware
The security site My OnlineSecurity reported a week ago that it had spotted a new spam campaign delivering the notorious GandCrab v5.2 ransomware. The fake message arrives in users' Gmail inboxes with the sender display name "Centres For Disease Control and Prevention" and the subject line "Flu pandemic warning". Like other spam campaigns, the email urges recipients to open an attached document by claiming that it contains directions for preventing the flu.
More about the crafted spam email
Below is the full text of the spam email as sent:
“Please focus on this special announcement!
Presently, influenza activity is severely elevated. US Center for Disease Control and Prevention (CDC) estimates that during a last four months, the situation has deteriorated essentially: near 20 thousand diseased people were killed by the flu already, and more than 220,000 were urgently hospitalized.
To stop spread of the disease and keep people from the flu, US Center for Disease Control and Prevention developed a directions list. You could find DOC file with this list attached to the e-mail. It is recommended to read it attentively and follow the directions to prevent the disease. With care of your health, CDC Communication Department.
Not interested anymore? Unsubscribe”
Anyone who looks closely can see that this email was not sent from a legitimate CDC address but from [email protected]. The display name in the From header is free text that the sender fills in, so only the actual address (and the authentication results added by the receiving mail server) says anything about where a message came from. Users must therefore not open the attached document. Opening the "Flu pandemic warning" DOC causes GandCrab v5.2 to be downloaded from hxxp://18.104.22.168/samanta.exe, and the payload is written to the C:\Windows\Temp folder on the Windows machine.
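The three traits above (a spoofed display name, an executable fetched from a bare IP address, and an executable dropped under C:\Windows\Temp) are all cheap to check automatically. The following Python script is an added example, not code from the original article or from My OnlineSecurity. The email headers and log lines it scans are constructed for the example; the sender address alerts@example.net is a placeholder, and the payload URL is the one quoted above with hxxp written as http. The download check also flags https, which goes slightly beyond the article's plain-HTTP case.

```python
"""
Added example, not code from the original article or from My OnlineSecurity:
a small triage script for the three observable traits of the campaign
described above:
  1. a From: display name that claims to be the CDC while the address is
     not in the cdc.gov domain,
  2. a download of a Windows executable from a bare IPv4 address, the way
     the lure's DOC fetched its payload, and
  3. an executable written under C:\\Windows\\Temp.
All headers and log lines below are constructed for this example; the sender
address is a placeholder, only the payload URL is the one quoted above.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample headers (placeholder sender, not the real one).
SAMPLE_EMAIL = """\
From: "Centers For Disease Control and Prevention" <alerts@example.net>
To: victim@example.com
Subject: Flu pandemic warning
Content-Type: text/plain

Please focus on this special announcement!
"""

# Constructed proxy log lines: "METHOD URL STATUS CONTENT-TYPE".
SAMPLE_PROXY_LOG = """\
GET http://18.104.22.168/samanta.exe 200 application/octet-stream
GET https://www.example.com/index.html 200 text/html
GET http://203.0.113.9/update.doc 200 application/msword
GET http://cdn.example.org/tool.exe 200 application/octet-stream
"""

# Constructed file-creation events: "CREATE PATH PROCESS".
SAMPLE_FILE_LOG = """\
CREATE C:\\Windows\\Temp\\samanta.exe winword.exe
CREATE C:\\Users\\victim\\Documents\\notes.docx winword.exe
CREATE C:\\Windows\\Temp\\report.tmp winword.exe
"""

# Display-name keywords that should only ever come with the listed domain.
CLAIMED_BRANDS = {
    "cdc.gov": ("centers for disease control", "centres for disease control", "cdc"),
}
BARE_IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".dll", ".js", ".vbs")


def display_name_spoof(raw_email):
    """Return (display_name, address, expected_domain) when the display name
    claims a brand whose legitimate domain does not match the actual
    address; otherwise None. Only the part after '@' counts: the display
    name is attacker-controlled free text."""
    msg = message_from_string(raw_email)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""
    lowered = name.lower()
    for legit, keywords in CLAIMED_BRANDS.items():
        claims = any(re.search(r"\b%s\b" % re.escape(k), lowered) for k in keywords)
        genuine = domain == legit or domain.endswith("." + legit)
        if claims and not genuine:
            return name, addr, legit
    return None


def suspicious_downloads(log_text):
    """Return URLs that fetch an executable from a bare IPv4 host. This
    generalises the article's http:// case to https:// as well, since a
    raw IP with no hostname is the stronger signal."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        url = urlparse(fields[1])
        host = url.hostname or ""
        if (url.scheme in ("http", "https") and BARE_IPV4.match(host)
                and url.path.lower().endswith(EXECUTABLE_SUFFIXES)):
            hits.append(fields[1])
    return hits


def temp_executables(log_text):
    """Return (path, process) for executables created under C:\\Windows\\Temp.
    The creating process is kept so an analyst can see that it was an Office
    application rather than an installer."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[0] != "CREATE":
            continue
        path, proc = fields[1], fields[2]
        if (path.lower().startswith("c:\\windows\\temp\\")
                and path.lower().endswith(EXECUTABLE_SUFFIXES)):
            hits.append((path, proc))
    return hits


if __name__ == "__main__":
    print("spoofed sender:", display_name_spoof(SAMPLE_EMAIL))
    print("bare-IP downloads:", suspicious_downloads(SAMPLE_PROXY_LOG))
    print("executables in Temp:", temp_executables(SAMPLE_FILE_LOG))
```

Each check is deliberately narrow so that it rarely fires on ordinary traffic: a genuine CDC mailing comes from cdc.gov or a subdomain of it, legitimate software updates are fetched from hostnames rather than raw IPs, and Office applications have no business writing executables into the Windows Temp folder.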
Shortly afterwards the ransomware encrypts the files stored on the PC using strong encryption, and each encrypted file is renamed with a random extension. The threat then drops a ransom note that tells the unsuspecting user that the files have been encrypted and instructs them to contact the ransomware operators and buy a unique decryption tool that supposedly restores the files.
Stay away from spam email attachments
If your files are encrypted by this ransomware, you will be asked to pay a ransom to get them back. There is no guarantee, however, that the criminals will actually hand over the decryptor. They may demand even more money or send broken software, which is why security experts recommend not paying the ransom.
In that situation, restore the files from an existing backup if you have one; if not, data recovery software may be able to salvage some of them. Above all, avoid opening attachments from unsolicited emails so that no such threat gets onto the system in the first place.