Blog

Are Voice Message Notification Emails The Latest Ransomware Delivery Vessel?

Ransomware attacks are now being delivered via voice message notification emails to unsuspecting victims.

A June 2016 Federal Bureau of Investigation (FBI) report revealed that an average of 4,000 ransomware attacks occurred per day in 2016. During 2017, the number of ransomware attacks continues to grow as hackers combine effective phishing scams with malicious code. In fact, by Quarter 3 of 2016, 97.25 percent of phishing scams were embedded with ransomware. Now, in 2017, hackers are beginning to use voice message notification emails as the latest tool for delivery ransomware to unsuspecting victims.

Cyber Security

How And Why Are Hackers Using Voice Message Notification Emails To Deliver Ransomware?
Hackers are notorious for discovering new loopholes, “open doors,” and methods for delivering malicious code. Hackers successfully leveraged billing notifications and banking emails during 2016 to gain personal information from unsuspecting Australian bank members. Banks and businesses throughout the world have since become more diligent about alerting their customers to phishing scams, particularly those embedded with ransomware. During 2017, hackers have now turned to voice message notification emails as a way to target an even larger group of individuals. Anybody can receive an email with a voicemail notification, which means that this type of attack poses an even larger threat to both individuals, businesses, and government organizations.

There are currently two main types of ransomware strains that are being used during voice message notification email attacks: Cerber and Zepto.

  • Cerber — One of the most prevalent ransomware strains is Cerber. This particular type of ransomware can use text to speech synthesizers to pressure victims into paying the designated ransom. The seemingly legitimate email has a voice message that is attached as a .WAV file within a .zip folder. Victims unsuspectingly download the file and folder. The ransomware is hidden within the .ZIP folder. It is designed to immediately install and change the names of files to [original file name].crypted. Unfortunately, the chosen delivery mechanism means that victims will discover the attack once it has already taken effect. In fact, the default settings of Microsoft Outlook, which automatically enables missed call notification emails, is readily being exploited by Cerber.
  • Zepto — A Locky copycat, Zepto ransomware is delivered via .WSF files. This type of ransomware has recently expanded beyond its initial malicious .DOCM attachments and zipped .JS files. Now, Zepto uses .WSF files to encrypt the original files on the victim’s PC. The HTML-formatted digital ransom notes are automatically placed in folders and the original file names are encrypted with a long alphanumeric string that ends with the .ZEPTO file extension. Unfortunately, as of the writing of this post, there isn’t a decryptor available for the Zepto ransomware.

How Can Businesses Protect Themselves Against The Latest Attacks?
Both Cerber and Zepto are delivered via phishing scam emails. In order to protect their vital data and files from encryption, businesses must educate their employees on cyber security best practices, including how to spot a phishing scam email. The following tips can help employees recognize potentially malicious emails that contain ransomware:

  • Anti-virus software might not recognize that the attached .ZIP files are malicious; as such, users need to pay close attention to file formats. Additionally, an anti-virus software with behavioral capabilities should be used to further increase the likelihood that ransomware voice message notification emails will not be delivered to inboxes.
  • Automated voicemail systems typically deliver .WAV or MP3 files that are not embedded within a compressed .ZIP folder.
  • Automated voicemail systems do not use the following types of file formats: .ZIP, .PDF, .DOC(M). If a voice message notification email contains the latter file formats, then it is highly likely that it is a phishing scam that is embedded with ransomware.

In addition to the above tips, employees should be educated on the type of voicemail files that are delivered via your company’s chosen phone system. In this vein, employees should be trained to recognize the format, text body, naming of attachments, email address, and delivery method of voice message notification emails. You can further safeguard your business data and files simply by teaching your employees how to recognize a legitimate voice message email vs. a phishing attempt. Through the latter efforts, employees are less likely to fall victim to the generic-looking or poorly constructed voicemail phishing attacks that hackers have begun to use.

The Bottom Line: Protect Your Vital Data Today
Businesses that use a phone system with voice message notification emails are at a high risk for the above types of ransomware attacks. The moment that an unsuspecting employee downloads the malicious files, the ransomware is installed and the results can be devastating. To protect yourself and your vital business data, you need to ensure that employees are properly educated on how to detect phishing scams and ransomware attacks, leverage a secure offsite backup of your data, and use the right antivirus software. To further safeguard your business data and files from voice message notification email attacks, contact the McLane Intelligent Solutions cyber security experts today.