GandCrab Ransomware Gets Distributed via Fake Shipping Notification Written in Korean
May 18, 2019
We recently observed a spam email making the rounds with the subject 'SHIPPED ORDER INCORRECT.' The message purports to be a shipping order notification from a known courier delivery service company and tricks the recipient into opening an attachment in the email.
The email body is written in Korean and contains a RAR attachment that supposedly contains information about a parcel. The attachment has an executable file named Fedex-info_2019-05-15_02-24.dok, which is a variant of GandCrab ransomware (detected by Trend Micro as Ransom.Win32.GANDCRAB.TIOIBOCX). Once executed, the EXE file terminates a certain list of processes running in the affected system's memory, encrypts files in the system, and drops a ransom note.
To prevent system infection, we recommend that users refrain from opening unsolicited emails, especially those with attachments. Security solutions with anti-spam filtering weed out spam messages such as this one.
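The attachment described above hides an executable behind a .dok extension. The following added example (not Trend Micro's detection logic) shows one way a mail gateway or triage script could flag that mismatch by checking content instead of the file name. It assumes the archive members have already been extracted into a name-to-bytes mapping; the function names and sample bytes are constructed for illustration.

```python
import struct

# Extensions that legitimately carry PE images; a PE header under any other
# extension is treated as a disguised executable.
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".cpl", ".ocx"}

def is_pe_image(data: bytes) -> bool:
    """True if data has a DOS header whose e_lfanew points at a PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, which fails the comparison.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def extension(name: str) -> str:
    dot = name.rfind(".")
    return name[dot:].lower() if dot != -1 else ""

def flag_disguised_executables(files: dict) -> list:
    """files maps extracted attachment member names to their raw bytes."""
    return sorted(name for name, data in files.items()
                  if is_pe_image(data) and extension(name) not in PE_EXTENSIONS)

def _constructed_pe_stub() -> bytes:
    # Constructed header bytes only: not a working program, not the real sample.
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + bytes(20)

# Constructed sample input; only the .dok file name comes from the advisory.
SAMPLE_MEMBERS = {
    "Fedex-info_2019-05-15_02-24.dok": _constructed_pe_stub(),
    "readme.txt": b"Your parcel details are attached.",
    "setup.exe": _constructed_pe_stub(),
    "MZ-notes.doc": b"MZ is only a prefix here" + bytes(64),
}

if __name__ == "__main__":
    for name in flag_disguised_executables(SAMPLE_MEMBERS):
        print("PE content with non-executable extension:", name)
```

Checking the PE signature at `e_lfanew`, not just the leading `MZ` bytes, keeps ordinary documents that happen to start with those two characters from being flagged.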
Spam block date/time: May 18, 2019 12:03:00 GMT-8
TMASE
- TMASE engine (global): 8.1
- TMASE pattern (global): 4620