Researchers at Trustwave recently discovered a malicious spam campaign. The email comes as an executable file via email with a tell-tale two sentence subject line that reads “Install Latest Microsoft Windows Update now! Critical Microsoft Windows Update!” There is only one sentence to the actual email itself.
Disguised as a .jpg, the file really contains both the ransomware and its builder. The builder can be used to create malware variants. The researchers were able to trace the Cyborg ransomware back to the builder hosted on the Github developer platform: meaning anyone could get a hold of the builder and create their own Cyborg ransomware executable.
Researchers informed Github Sunday evening of the discovery, and despite the fact that the account was active on Github during the validation process, they found no more evidence of the executable being sent out. The Trustwave researchers were quick to point out that this doesn’t mean the threat is eliminated. “The Cyborg Ransomware can be created and spread by anyone who gets hold of the builder,” warned in their post. “It can be spammed using other themes and be attached in different forms to evade email gateways.”
As always, it is crucial to educate yourself and your employees with security awareness training. A few quick ways to spot common spam and phishing emails include: grammar errors, misspelled words, a warning to “act now!” or “click here immediately!”, unusual sender address or URL, strange links, and instructions that ask for personal information.