19 Mar Ransomware – Phishing
We received a phishing email the other day and decided to open it in order to analyze it.
Here is the actual email:
The link points to a Google Drive location:
It may seem like an ordinary PDF file, but in fact it’s a VBS file (a Visual Basic script that, when opened, executes commands on your computer).
Here is the link opened in a browser:
Windows 10 is smart enough to warn you that the file is a virus!
However, you can bypass the alert and save it:
There is a second warning but you can still download it. Some people in a hurry will just click on all warnings and will eventually open it.
On a Windows 7 computer, when using Internet Explorer, things are much “simpler” for the bad guys:
You don’t get a warning that the file is a virus; you just get warned that the publisher is not verified. That sounds less harmful than a virus.
We opened the VBS file:
Here you can see the code that will be executed once the “PDF” is opened. Most of the code is “obfuscated”; in other words, it’s written in a complicated way to make the contents impossible to understand. Once active, it will try to infect your computer and ask for a ransom, etc.
It’s clear that we need to have the latest updated versions of operating systems and browsers on our computers.
We also believe that shared locations such as Google Drive, Dropbox etc. have to be blocked. Anyone can open an account and upload malware. At the moment, hosting companies allow all types of files to be stored.
The most important thing is to be proactive by keeping your people both up to date and educated on threats and security.
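A check a mail gateway or download folder monitor could run on files like the one above, which pose as a PDF but are really a script. This is an added example, not code from the original post; the extension lists, the `triage` function and the sample file names are assumptions made for illustration.

```python
import os

# Extensions that Windows runs as scripts on double-click (example list, an assumption).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}
# Document extensions often used as a decoy inside the file name (assumption).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}
PDF_MAGIC = b"%PDF-"


def triage(filename: str, head: bytes) -> list[str]:
    """Return the reasons a downloaded file should not be trusted as a PDF.

    filename: name as delivered (a full Windows path is accepted).
    head:     the first bytes of the file content.
    """
    reasons = []
    # Windows drops trailing dots and spaces, so "x.vbs. " still runs as .vbs.
    name = os.path.basename(filename.replace("\\", "/")).rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    inner_ext = os.path.splitext(stem)[1]

    if ext in SCRIPT_EXTS:
        reasons.append(f"script extension {ext}")
        if inner_ext in DECOY_EXTS:
            reasons.append(f"decoy double extension {inner_ext}{ext}")

    # Genuine PDFs carry the %PDF- header at (or very near) the start of the file.
    if "pdf" in name and PDF_MAGIC not in head[:1024]:
        reasons.append("name suggests PDF but content has no %PDF- header")
    return reasons


if __name__ == "__main__":
    # Constructed samples: (file name, first bytes of content).
    samples = [
        ("Invoice_2041.pdf.vbs", b"Dim a : a = \"...\"\r\n"),
        ("report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
        ("statement.pdf", b"MZ\x90\x00"),
    ]
    for fname, head in samples:
        verdict = triage(fname, head) or ["looks consistent"]
        print(f"{fname}: {'; '.join(verdict)}")
```
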