There is a new spam campaign targeting Scandinavians that’s spreading nasty ransomware—with a 0% detection rate.
Heimdal Security has identified the campaign as the fourth major ransomware campaign in the wild since the beginning of September, including one that compromised 142 million legitimate websites for its cause. This one starts by sending email with an attached Word document to arbitrary recipients. That document contains macros, which, when activated, will download and run the malicious ransomware, encrypting and locking up all files on the PC.
In order to decrypt the files and regain access to the data, the victim must first communicate with two different Gmail accounts and pay the ransom.
It’s pretty straightforward except for one thing: This spam campaign has managed to completely avoid detection by all of the 57 anti-malware tools listed in VirusTotal.
So how to protect oneself? Users should exercise extreme caution when it comes to opening emails from unknown senders—but should also make sure everything on their systems is up to date.
“Outdated browsers are some of the most-used attack angles that cyber-criminals employ in their campaigns,” said Andra Zaharia, security specialist at Heimdal Security, in a blog. “So things become quite risky when millions of users choose or are forced by their employers to use versions of IE, Firefox or Chrome which are not up to date.”
Out-of-date operating systems also pose a huge threat, especially when 3.6% of Internet users worldwide still have Windows XP installed, for which Microsoft cut off support months ago. And social engineering continues to be successful.