Meet the new ransomware that knows where you live
There's a new malware attack in town, and it's designed to hit a little too close to home.
A new phishing campaign is sending thousands of ominous-looking emails that contain the recipient's home address.
The well-worded email appears to come from a legitimate email address and domain name, and raises very few irregularities. The email comes with an demand for money for an arbitrary service, along with a link that purports to be an "overdue invoice."
Clicking the link will install Maktub Locker, a kind of Windows-based ransomware. (Image: ZDNet)
Click that link and open the file (which looks like a Word document), and you'll become the latest victim of ransomware -- that is, malware that encrypts your files and locks you out of your computer until you pay a ransom. The longer you wait, the larger the ransom you have to pay.
We received an email on Wednesday, which included my home address from some eight years earlier. Besides a tweet noting the phishing effort, we didn't think much more of it.
But then the BBC News also reported that some of their staffers had also received similar looking emails.
We contacted the company named in our email which demanded money that was purportedly owed.
"We're just as much victims as those who got the emails," said a person at the company who we spoke with on the phone. The Ludlow, UK-based company said that they began receiving phone calls and emails earlier this week, but stressed that the phishing emails were not from the company.
A number of other companies were implicated by the scam. BBC reports that other companies had "more than 150 calls from people who don't owe us money."
The company said it had no idea how the scammers got people's home addresses, but said they had reported the incident to police.
Rahul Kashyap, executive vice-president and chief security architect at security firm Bromium, said in an email that the scammer was using a "classic social engineering" technique by trying to "gain credibility by providing some reliable data that the potential victims can relate to."
"It appears that the scammers are leveraging some sort of database that has home addresses publicly available and using this for the scam," said Kashyap.
Scammers are increasingly moving away from enticing victims into entering their username and passwords on fake websites in order to take over accounts.
They're now turning to ransomware which has a much higher return.
In tests in CNET's lab in New York, we verified that the malware used in this ransomware attack is a variant called Maktub Locker, described as a "beautiful and dangerous" kind of ransomware.
Yonathan Klijnsma, a senior threat intelligence analyst at Dutch security firm Fox-IT, said that the fact the malware doesn't need an internet connection is "pretty significant," not least because network detection systems wouldn't be effective.
"It means you can retrieve your mail, step on a plane, open your mail and still get hit," he explained.
Ransomware is increasingly becoming problematic for private companies and citizens alike.
The FBI said last year that one popular variant of ransomware has cost businesses tens of millions in damages for lost files.
Many hospitals, in particular, have faced shutdowns and declared emergencies when their systems were hit by file locking malware. More recently, the federal agency called on US businesses in a flash advisory to help agents investigate the ever-growing kind of malware.