June 2018, Mark Howard
We haven’t encountered any instances among our clients and hasn’t been in the wild yet, but a new type of ransomware has been detected targeting cloud email inboxes.
Those using cloud-based email services such as Gmail or Microsoft Exchange (which is most of us…), should alert their employees and networks and review their systems to ensure no one gives this ransomware access to their systems.
How it tries to gain access?
The method starts by sending a branded email that promises a Microsoft anti-spam service. When the user clicks on the email to install the service, they instead receive a ransomware payload that encrypts all of their emails and attachments in real time. Follow the links below to see how these emails look and what the virus asks you to do.
What to do?
If it seems suspicious, tell all your users to err on the safe side and forward the email to h.......@businessit.co.nz and delete the email. We can then investigate and suggest a course of action if required.
If you have any further questions, please do give us a call.
For more information with screenshots read Datto’s article or the blog post about it on the KnowBe4 or watch the short video they made about this ramsomware:
Click here to go to YouTube if the video does not display properly in your browser.