Don’t Click: Fake Herbalife email ransomware sweeping globe


Thursday, 21 September, 2017

Email ransomware thought to originate in Greece or Vietnam is spreading rapidly across multiple countries, according to security researchers at US-based Barracuda Networks.

The threat started circulating sometime on Tuesday 19 September with millions of attacks developing hour by hour.

“We are actively monitoring an aggressive ransomware…so far we have seen roughly 20 million of these attacks in the last 24 hours, and that number is growing rapidly,” said lead platform architect Eugene Weiss at Barracuda’s Advanced Technology Group.

What to watch for

It begins with a fairly standard and unsophisticated spamming technique.

  • First, a faked email purporting to be from nutrition supplement company Herbalife drops into a user’s inbox.
  • Then, it locks up the computer of anyone who clicks on a link which states “payment is attached”.


Don’t click and whatever you do, don’t pay

The cybercriminals behind the attack could not restore your work even if they wanted to, says Weiss.

Even if you pay the ransom to get your computer unlocked, you won’t get your work or your files back.

It might sound obvious that you shouldn’t hit a link in an email you don’t recognise.

But this attack works because, as Weiss told Axios, it skips any technical hack and instead uses a psychological tactic to get someone to click on something they know they shouldn’t.

These attacks are being automatically generated but with a template that randomizes parts of the email.

So the domains used to send them out are constantly changing and bypass standard security offered by anti-virus engines.


From NHS to you

Ransomware hit the headlines in May when a malware variant of the Wanna Decryptor, dubbed WannaCry, brought down NHS computer systems at 16 UK hospitals.

Nurses were shocked to see their screens freeze when they tried to access patient records, followed by a pop-up demanding cash ransoms of between $300 and $600 in Bitcoin.


Accident and Emergency departments up and down the country were forced to divert ambulances as staff were urged to turn off their machines. The attack stoked fears that criminals could relatively easily exploit known weaknesses in crucial IT systems.

WannaCry malware has been detected 36,000 times in the past year and it has already infected targets in 11 countries.

What to do

Delete, ignore, move on
If your email spam filter doesn’t block the ransomware email, just delete it and move on.

Tell your friends
Everyone appreciates a heads-up warning and while UK reports have been limited so far this could easily find its way on to a laptop near you.

Update: A new variant of the ransomware appeared on Tuesday evening, Barracuda say.

It will appear with the subject line “Emailing – (attachment name)” as in the picture below.
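
For anyone running a mail filter: the sending domains rotate, but the traits described above (Herbalife branding in the sender line, the “payment is attached” lure and the “Emailing – (attachment name)” subject) do not, so they can be checked without a domain blocklist. The sketch below is an added example, not Barracuda's detection logic or anything from the original article; the genuine domain `herbalife.com`, the function names, the sample messages and the quarantine rule are all assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

BRAND = "herbalife"
LEGIT_DOMAINS = {"herbalife.com"}  # assumption: the brand's genuine sending domain
SUBJECT_VARIANT = re.compile(r"^\s*Emailing\s*[-\u2013:]\s*\S+", re.I)
LURE = re.compile(r"payment\s+is\s+attached", re.I)

def indicators(raw):
    """Return the campaign traits found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # Plain-text parts only; transfer-encoded bodies are not decoded here.
    body = " ".join(p.get_payload() for p in msg.walk()
                    if p.get_content_type() == "text/plain"
                    and isinstance(p.get_payload(), str))
    hits = []
    claims_brand = BRAND in display.lower() or BRAND in addr.lower()
    legit = any(domain == d or domain.endswith("." + d) for d in LEGIT_DOMAINS)
    # The sending domain rotates, but the brand claim in From does not.
    if claims_brand and not legit:
        hits.append("brand_domain_mismatch")
    if SUBJECT_VARIANT.search(msg.get("Subject", "")):
        hits.append("emailing_subject_variant")
    if LURE.search(body):
        hits.append("payment_lure")
    return hits

def should_quarantine(raw):
    """Spoofed brand alone is enough; otherwise require two traits together."""
    hits = indicators(raw)
    return "brand_domain_mismatch" in hits or len(hits) >= 2

# Constructed sample messages (not captured from the campaign).
SAMPLES = {
    "spoof_a": "From: Herbalife <billing@qx7-mailer.example>\nSubject: Your order\n\nHello, payment is attached.\n",
    "spoof_b": 'From: "Herbalife Nutrition" <noreply@zk2-post.example>\nSubject: Invoice\n\nPayment  is attached\n',
    "variant": "From: Scanner <scan@office-9f.example>\nSubject: Emailing - scan_0001\n\npayment is attached\n",
    "genuine": "From: Herbalife <orders@herbalife.com>\nSubject: Order shipped\n\nYour order is on its way.\n",
    "colleague": "From: Sam <sam@corp.example>\nSubject: Emailing: report.pdf\n\nSee the file.\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, indicators(raw), should_quarantine(raw))
```

The subject pattern on its own is not treated as malicious, because ordinary mail can use a similar subject; it only counts when the payment lure appears with it.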


By: Tom Rodgers

Tom is a tech journalist and former Editor at BroadbandDeals.co.uk.
