We've all seen it in our email inboxes, and some of us have fallen for the schemes that it spews. It's spam, not the kind you eat but the kind that lands in your inbox with an enticing message that masks its real objective: spreading malware.
In a recent spam campaign, cybercrooks are spreading ransomware threats through a deceptive message that uses the "Your package has been delivered" subject line to get the attention of computer users. According to research from the security firm Endgame, cybercrooks are finding nifty ways to spread ransomware through cunning spam messages, such as ones claiming that a package of yours has been delivered.
Ransomware threats have morphed into one of the most aggressive and destructive types of malware in recent years. Most new ransomware threats will encrypt files on an infected computer and then display a ransom notification that asks for a Bitcoin amount in exchange for a decryption key. To get their files back, the victim may either fork over the Bitcoin fee by a deadline set by the threat or restore their entire hard drive from a backup. The ransomware being spread by the recent "Your package has been delivered" spam email campaign sets such a deadline, and if it is not met the threat will delete the encrypted files so they cannot be recovered.
The business of ransomware, and of the latest types of spam messages that serve as the primary spreading agents for recent ransomware threats, is quite lucrative. According to Endgame, at least $18 million has been scammed out of U.S. victims of recent ransomware threats from April 2014 to June 2015.
While the typical ransom amount is averaging about $500 right now for new ransomware threats, the primary payment method remains Bitcoin because it is untraceable in most situations. So far, the recent "Your package has been delivered" spam message includes an attachment that, if opened, launches the TeslaCrypt Ransomware in its 4.1A version, which is a more sophisticated variant of the threat. The latest TeslaCrypt threat includes new evasion techniques that make it harder to eliminate from an infected computer or to overcome its encryption methods. Moreover, the TeslaCrypt ransomware spread by the latest spam campaign will target any Windows backups on the infected computer's hard drive, making a system backup unusable.
The propagation of ransomware threats has been a major nuisance for victimized computer users. The evolution of ransomware is a clear demonstration of how relentless cybercrooks are becoming in demanding payments, which some victims feel they have no choice but to pay. There have been many examples of companies or organizations paying the ransom fee to decrypt their files, such as the case of the Hollywood Presbyterian Medical Center, which coughed up $17,000 to restore its encrypted files.
Backing up your computer appears to be the best solution thus far to ransomware threats. However, backing up your system only helps if it is a proactive step rather than a reaction to a ransomware threat. With new and aggressive spam campaigns like the "Your package has been delivered" email spreading an advanced version of TeslaCrypt, computer users need to be savvy in their backup approach well before the infection reaches their system.
So far, spam emails with attachments have remained the primary method by which ransomware threats spread. We can only stress the importance of using a spam filter for your email, in addition to being vigilant and cautious when opening emails and attachments.