Cybercriminals now use Dropbox links to spread ransomware via phishing emails

by Julie Splinters - - 2017-02-28

The number of ransomware attacks is growing^[1], and while malware analysts concentrate on such dangerous viruses like Cerber, Locky or Spora, developers of less pronounced ransomware^[2] viruses get a chance to improve their projects silently. Surprisingly, we have noticed an increased number or Crypt0L0cker attacks lately – it seems that authors of this ransomware have updated not only the virus but also its distribution methods as well. Currently, Crypt0L0cker ransomware is distributed via malicious spam emails that contain a short message with a phishing DropBox URL in it^[3]. This URL points to a malicious .ZIP or .JS file, which is meant to infect the user’s system with ransomware as soon as the victim downloads and launches it. The malicious emails typically have such text in their subject fields: PDF-faktura or just Faktura.

At the moment, two big phishing mail campaigns were noticed – one of them targets Turkish-speaking people, and the other one targets people from Sweden. The latter one uses forged emails that trick people into thinking that the sender is an employee of A1 Telekom company^[4]. We do not exclude the possibility that more variants of such phishing emails will come into a daylight shortly.

Phishing emails are often used to deliver ransomware.

Obviously, visiting such link can compromise your PC system in minutes, so again we want to remind you to stay away from emails sent by strangers. It is extremely important because mail spam is still the main ransomware distribution technique used by the majority of ransomware crooks nowadays. According to “Spam and phishing in 2016” report by Kaspersky Labs^[5], the statistics show that the amount of malicious spam recorded in 2016 is simply worrisome, and same tendencies seem to continue in 2017.

One of the most influential factors is the arrival of Ransomware-as-a-Service, which allows non-tech savvy crooks to join ransomware affiliate programs and help spread the malware in exchange for as much as 50-70% commission. In general, even 20% of all spam emails sent throughout 2016 contained a ransomware virus, and this fact should force you to get up and take all necessary measures to protect your PC from ransomware. There’s no need to mention how precisely attackers indite phishing emails, so even the most experienced computer users can be deceived.

About the author

Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions

References

^ Jonathan Crowe. Ransomware by the Numbers: Must-Know Ransomware Statistics 2016. Barkly Endpoint Security Blog. The latest endpoint security news, tips, and actionable insights.
^ Yuri Ilyin. Ten facts about ransomware. Kaspersky Lab Business Blog. Examines the enterprise and best practices on how to protect your company.
^ Tweet by @_operations6_. Twitter. Online News and Social Networking Service.
^ Tweet by‏ @SkadligKod. Twitter. Online News and Social Networking Service.
^ Darya Gudkova, Maria Vergelis, Nadezhda Demidova, Tatyana Shcherbakova. Spam and phishing in 2016. Securelist. Kaspersky Security Bulletins.