There’s a new malware attack in town, and it’s designed to hit a little too close to home. A new email phishing campaign is sending ominous-looking emails that contain the recipient’s home address to thousands of people. Once a user clicks on the link in the email, their computer gets infected.
Called ‘Maktub Locker,’ the ransomware begins by hooking its victims through an innocent-looking email, which may come from a legitimate-looking email address. The email usually contains a demand for money for an overdue invoice. What sets this ransomware apart is that it seems to know where the victim lives: the message includes their actual home address. The message also contains a link that allegedly opens a printable version of the document mentioned. Clicking on the link downloads what looks like a Word document. The file will open, but unknown to the user, the download is performing another operation in the background: encrypting the user’s files, which makes the computer and all of its contents inaccessible. Once the encryption is done, the program locks the user out of their computer and displays a message stating that their personal files have been encrypted. A timer is also displayed, indicating how much time the victim has left to pay the ransom. The payment starts at 1.4 Bitcoins (~$588 US) and rises as time passes. Anyone who has important or mission-critical files that are not backed up to a different location might be in trouble.
Well, it appears that the scammers are either leveraging some sort of database that has home addresses publicly available or have successfully hacked into secured systems and are extracting the data they need to make these emails look very legitimate. In any event, it looks like these new online social engineering email scams are moving away from enticing victims into entering their usernames and passwords on fake websites in order to take over accounts. They’re now turning to holding the files on your computer for ransom, which seems to have a much higher return. One other thing to note is that this Maktub ransomware won’t infect systems using the Russian keyboard locale, which may hint at the nationality or location of the culprits.
If you comply and pay them, you’re still not guaranteed to get your files back, and that is why most tech experts you talk to recommend never paying, since it just adds fuel to the fire and gives these scammers more momentum. It is unlikely you will get your files back since the encryption used seems to be very strong, though you could get a new hard drive with a fresh install of Windows to get your computer in working order again.
If you use a Mac or iOS device, you don’t have to worry as much about ransomware yet. If you are on a Windows machine, you might want to think about not opening attachments or clicking on links in your email, even if it’s from reputable companies or people you know. If that’s not possible, then making sure you have some kind of anti-ransomware or anti-virus software installed on your machine, like Norton Anti-virus or Bitdefender’s Anti-CryptoWall, may help. You can find more information at: labs.bitdefender.com. Finally, you might want to think about backing up your files online using Dropbox, Google Drive or Microsoft OneDrive, or full system cloud backup services like CrashPlan or Carbonite.