Digital attackers are sending out fake flu warnings that appear to come from the U.S. Center for Disease Control (CDC) in order to distribute GandCrab ransomware.
An attack begins when a user receives a fake CDC email. The sender field claims that the email came from “Centers for Disease Control and Prevention.” But a closer look reveals the sender to actually be “Peter@eatpraynope.com,” an email address which has nothing to do with the CDC.
That’s not the end of the attack campaign’s mischief. The email’s subject line of “Flu pandemic warning” also has something to hide. As explained by My Online Security:
To confuse the issue even more the subject line was written in what looks like a mix of cyrillic & western characters & encoded in UTF8 format so a computer will automatically translate / decode it. When I first tried to post this, I got a garbled mess of characters in the url to this post where the Copy & pasting from the email picked up the utf8 format.
The body of the email itself tries to trick the recipient into viewing an “Instructions DOC” link so that they can protect themselves against the flu. When clicked, the link loads a Microsoft Word document that’s empty except for its “Urgent notice” heading. The document also comes with malicious macros that download GandCrab ransomware when enabled.
Unfortunately, the attack campaign is currently distributing version 5.2 of the crypto-malware. This variant is currently beyond the scope of a free decryptor developed for the ransomware.
Users can help protect themselves against attack campaigns such as this one by familiarizing themselves with the most common attack techniques employed by phishers. They should also back up their data on a regular basis, update their OS for known vulnerabilities and follow these additional tips to prevent a ransomware infection.