Sigma Ransomware Being Distributed Using Fake Craigslist Malspam

(Mar 12, 2018)

The Sigma ransomware is being distributed in a new campaign via malspam themed around Craigslist, an American advertising and e-commerce website. The malicious emails pretend to be replies to postings for short-term jobs, called "Gigs", and claim that contact information is in the attached Word or Rich Text Format (RTF) document. The documents contain malicious macros that, when enabled, download and execute the "Sigma" ransomware. The ransomware initially demands $400 USD worth of Bitcoin for decryption, which increases to $800 after 7 days.

Recommendation: Always be on high alert while reading email, in particular when it has attachments, attempts to redirect to a URL, comes with an urgent label, or uses poor grammar. Use anti-spam and antivirus protection, and avoid opening email from untrusted or unverified senders. Additionally, it is important to have a comprehensive and tested backup solution in place for the unfortunate case of ransomware infection.
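The delivery chain described above (an email reply carrying a Word or RTF attachment with macros) can be triaged at the mail gateway or mailbox. The following is an added example, not part of the original brief: the function names, verdict strings and the byte-marker heuristics are assumptions for illustration, and the sample message is constructed.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls container

def classify_attachment(data: bytes) -> str:
    """Coarse verdict from content, not from the (spoofable) file extension."""
    if data.startswith(OLE_MAGIC):
        # Heuristic (assumption): VBA storage names appear as UTF-16LE text.
        marker = "_VBA_PROJECT".encode("utf-16-le")
        return "ole-with-vba" if marker in data else "ole"
    if data.startswith(b"PK"):
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            return "bad-zip"
        has_vba = any(n.lower().endswith("vbaproject.bin") for n in names)
        return "ooxml-with-vba" if has_vba else "zip"
    if data.lstrip().startswith(b"{\\rtf"):
        # Heuristic (assumption): embedded objects in RTF deserve review.
        return "rtf-with-object" if b"\\objdata" in data else "rtf"
    return "other"

def triage_message(raw: bytes):
    """Return (filename, verdict) for every attachment in a raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [(part.get_filename(),
             classify_attachment(part.get_payload(decode=True) or b""))
            for part in msg.iter_attachments()]

def build_sample() -> bytes:
    """Constructed sample: macro-bearing OOXML file named .doc, plus a plain RTF."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"constructed placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Re: gig posting (constructed sample)"
    msg["From"], msg["To"] = "sender@example.com", "user@example.com"
    msg.set_content("Contact details are in the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="contact.doc")
    msg.add_attachment(b"{\\rtf1 plain text}", maintype="application",
                       subtype="rtf", filename="info.rtf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in triage_message(build_sample()):
        print(f"{name}: {verdict}")
```

A verdict ending in `-with-vba` or `-with-object` is a reason to quarantine the message for review, not proof of malice.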

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.