
Email-based attacks by ransomware groups on the rise

Over the last three months there has been a major increase in the number of email-based attacks using malicious Windows Script File (WSF) attachments, particularly by ransomware groups.

That’s according to Symantec, which has worked to block a number of major campaigns involving the files.

WSF files are designed to allow a mix of scripting languages within a single file and, Symantec explains, are opened and run by the Windows Script Host (WSH).

According to Symantec, malicious WSF files have been used in a number of recent major spam campaigns spreading Locky.

For example, between October 3 and 4, Symantec blocked more than 1.3 million emails with the subject line "Travel Itinerary."

The emails claimed to come from a major airline and came with an attachment that consisted of a WSF file within a .zip archive.

If the WSF file was allowed to run, Locky was installed on the victim's computer.

Not long after, on October 5, the same attack group launched another massive malicious spam campaign with the subject line "complaint letter."

Symantec says it was able to block more than 918,000 of these emails and explains that the campaigns are part of a broader trend.

Over the past few months, the cyber security organisation has noticed a major increase in the overall number of blocked emails containing malicious WSF attachments.

In June there were just over 22,000, with the figure shooting up to more than 2 million in July. September was a record month, with more than 2.2 million emails blocked.

For constant protection, Symantec advises regularly backing up any files, keeping security software up to date and always deleting any suspicious-looking emails.
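
The delivery method described above, a WSF file inside a .zip attachment, is something a mail filter can check for before the message reaches an inbox. The following is an added example, not code from Symantec or from this article. The function names, the extension list beyond .wsf and the size and depth limits are assumptions.

```python
import io
import os
import zipfile

# Only .wsf is named in the article; the rest are assumed additions.
WSH_EXTENSIONS = {".wsf", ".wsh", ".js", ".jse", ".vbs", ".vbe"}
MAX_DEPTH = 3                  # assumed cap on nested archive levels
MAX_NESTED_BYTES = 10 * 2**20  # assumed cap on a nested archive's size


def find_script_members(data, depth=0, prefix=""):
    """Return (path, reason) findings for a zip attachment given as bytes."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix.rstrip("/") or "<attachment>", "unreadable-archive")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Strip trailing dots/spaces, which Windows ignores in file names
            ext = os.path.splitext(info.filename.rstrip(". "))[1].lower()
            if ext in WSH_EXTENSIONS:
                findings.append((path, "script"))
            elif ext == ".zip":
                if info.flag_bits & 0x1:  # member is password-protected
                    findings.append((path, "encrypted-archive"))
                elif depth + 1 >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                    findings.append((path, "archive-not-scanned"))
                else:
                    findings.extend(find_script_members(
                        archive.read(info), depth + 1, path + "/"))
    return findings


def build_sample():
    """Constructed sample: a zip whose nested zip holds a placeholder .wsf."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("Itinerary.PDF.WSF", "<job></job>")  # harmless, empty job
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", "constructed sample")
        z.writestr("details.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    print(find_script_members(build_sample()))
```

Any non-empty result is a reason to quarantine the message. Archives that are encrypted or were not scanned are reported rather than silently passed.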
