Crooks delivered hundreds of thousands of spam emails

Aug 10, 2016 00:10 GMT

Between August 3 and August 9, security firm Proofpoint says it detected hundreds of thousands of spam email messages spreading the CryptFile2 ransomware, aimed mainly at US state and local government agencies and educational institutions.

The campaign opened at high volume: Proofpoint says it detected hundreds of thousands of messages on the first day alone. The flood tapered off over the following days, but the vendor says it still saw thousands of messages per day through August 9.

Attackers targeted US government agencies

Most of these spam emails were sent to email addresses belonging to state and local government agencies, followed by K-12 educational institutions.

Attackers hit other verticals as well, but to a lesser degree than these two. They include healthcare organizations, post-secondary educational institutions, telecommunications companies, insurers, and technology firms.

What was unusual about this campaign was its payload: a relatively little-known piece of ransomware, first spotted in March 2016.

The ransomware is called CryptFile2 and belongs to the CrypBoss family, alongside HydraCrypt and UmbreCrypt. Unlike those two, for which researchers have released decryptors, CryptFile2 has not yet been broken.

First time CryptFile2 has been distributed via a spam campaign

CryptFile2 itself appears to have received only minor, cosmetic updates; its general mode of operation is unchanged.

The one major change is the distribution method. In its first wave of infections, the crooks used the Neutrino and Nuclear exploit kits to deliver the ransomware through drive-by downloads.

For this campaign, the crooks instead sent a flood of emails carrying Office documents laced with malicious macros. Opening the document and allowing the macros to run (clicking "Enable Editing" to leave Protected View and then "Enable Content" to unblock the macro) executes the macro, which in turn downloads and installs CryptFile2.

The main theme of this spam flood revolved around free flights and discounts from American Airlines.
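As an added example (not code from the article or from Proofpoint), here is a small Python attachment-triage routine of the kind a mail gateway could run against document lures like the ones described above: it flags Office Open XML packages that carry a VBA project and holds legacy OLE2 binaries for deeper inspection. The filenames, sample bytes and quarantine policy are all constructed for this example; the OLE2 branch only recognises the container and is meant to hand the file to a real VBA parser such as oletools' olevba, which this stdlib-only check does not replace.

```python
import io
import zipfile

# Parts and manifest content types that reveal a VBA project inside an OOXML package
OOXML_MACRO_PARTS = {"word/vbaProject.bin", "xl/vbaProject.bin", "ppt/vbaProject.bin"}
MACRO_CONTENT_MARKERS = ("application/vnd.ms-office.vbaProject", "macroEnabled")
# Magic bytes of the legacy OLE2 container (.doc/.xls/.ppt); macros there live in OLE streams
OLE2_MAGIC = b"\xD0\xCF\x11\xE0\xA1\xB1\x1A\xE1"


def classify_attachment(data: bytes) -> str:
    """Classify raw attachment bytes as one of:
    'ooxml-macro'  -> Office Open XML package carrying a VBA project
    'ooxml-clean'  -> Office Open XML package with no VBA project found
    'ole2-binary'  -> legacy OLE2 document; needs an OLE/VBA parser to inspect
    'other'        -> not an Office document this check recognises
    """
    if data.startswith(OLE2_MAGIC):
        return "ole2-binary"
    if not data.startswith(b"PK"):
        return "other"
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as pkg:
            names = set(pkg.namelist())
            # The usual location of compiled VBA in .docm/.xlsm/.pptm files
            if names & OOXML_MACRO_PARTS:
                return "ooxml-macro"
            # Fall back to the package manifest: a VBA part stored under a
            # non-standard path still has to be declared here to be loaded
            try:
                manifest = pkg.read("[Content_Types].xml").decode("utf-8", "replace")
            except KeyError:
                return "other"  # a zip archive, but not an OOXML package
            if any(marker in manifest for marker in MACRO_CONTENT_MARKERS):
                return "ooxml-macro"
            return "ooxml-clean"
    except zipfile.BadZipFile:
        return "other"


def triage(attachments):
    """Return (filename, verdict, action) for each (filename, bytes) pair.
    Policy (an assumption for this example): macro-bearing and legacy-binary
    Office files from outside are held for analysis; everything else passes."""
    results = []
    for name, data in attachments:
        verdict = classify_attachment(data)
        action = "quarantine" if verdict in ("ooxml-macro", "ole2-binary") else "deliver"
        results.append((name, verdict, action))
    return results


def build_sample_docx(with_vba: bool) -> bytes:
    """Build a minimal, constructed OOXML package for testing (not a real lure)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as pkg:
        manifest = (
            '<?xml version="1.0" encoding="UTF-8"?>'
            '<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.openxmlformats-'
            'officedocument.wordprocessingml.document.main+xml"/>'
        )
        if with_vba:
            manifest += ('<Override PartName="/word/vbaProject.bin" '
                         'ContentType="application/vnd.ms-office.vbaProject"/>')
        manifest += "</Types>"
        pkg.writestr("[Content_Types].xml", manifest)
        pkg.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            pkg.writestr("word/vbaProject.bin", b"CONSTRUCTED-VBA-STUB")
    return buf.getvalue()


# Constructed inbox: filenames and bytes are invented for this example
SAMPLE_ATTACHMENTS = [
    ("AA_Flight_Voucher.docm", build_sample_docx(with_vba=True)),
    ("Itinerary.docx", build_sample_docx(with_vba=False)),
    ("Discount.doc", OLE2_MAGIC + b"\x00" * 504),
    ("Terms.pdf", b"%PDF-1.4\n%constructed"),
]

if __name__ == "__main__":
    for name, verdict, action in triage(SAMPLE_ATTACHMENTS):
        print(f"{name:<24} {verdict:<12} {action}")
```

Presence of a VBA project is a triage signal, not proof of malice: the check says nothing about what the macro does, and it will not see macros hidden in the legacy binary formats without an OLE parser. Its value is in deciding what never reaches a user who might click "Enable Content".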

[Figure: Spam flood by spammed verticals]
[Figure: New CryptFile2 ransom note]