Fake CDC Emails Warning of Flu Pandemic Push Ransomware (Mar 21, 2019)
MyOnlineSecurity researchers have found a phishing email that purports to be from the "Centers for Disease Control and Prevention" (CDC) concerning a "Flu pandemic warning." The email claims that influenza infections are "severely elevated," and that 20,000 people have been killed by the flu with an additional 220,000 people being "urgently hospitalized." The email advises a recipient to view the attached Microsoft Word document called "Flu pandemic warning." Opening the document will cause a user to be prompted to "Enable Editing" or "Enable Content" to properly view it. Enabling content will launch a malicious macro that begins the infection process for the "GandCrab v5.2" ransomware.
Recommendation: The impersonation of government agencies continues to be an effective phishing tactic. All users should be informed of the threat phishing poses and how to safely make use of email. In the case of ransomware infection, the affected system should be wiped and reformatted, and if at all possible the ransom should not be paid. Implement a backup solution for your users to ease the pain of losing sensitive and important data.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.