Don’t Click: Fake Herbalife email ransomware sweeping globe

Don’t Click: Fake Herbalife email ransomware sweeping globe

Thursday, 21 September, 2017

Email ransomware thought to originate in Greece or Vietnam is spreading rapidly across multiple countries, according to security researchers at US-based Barracuda Networks.

The threat started circulating sometime on Tuesday 19 September with millions of attacks developing hour by hour.

“We are actively monitoring an aggressive ransomware…so far we have seen roughly 20 million of these attacks in the last 24 hours, and that number is growing rapidly,” said lead platform architect Eugene Weiss at Barracuda’s Advanced Technology Group.

What to watch for

It begins with a fairly standard and unsophisticated spamming technique.

  • First a faked email purporting to be from nutrition supplement company Herbalife drops into a users’ inbox.
  • Then, it locks up the computer of anyone who clicks on a link which states “payment is attached”.

Don't Click: Fake Herbalife email ransomware sweeping globe

Don’t click and whatever you do, don’t pay

The cybercriminals behind the attack could not restore your work even if they wanted to, says Weiss.

Even if you pay the ransom to get your computer unlocked, you won’t get your work or your files back.

It might sound obvious that you shouldn’t hit a link in an email you don’t recognise.

But this attack works because, as Weiss told Axios, it bypasses any technical hack and instead uses the psychological tactic to get someone to click on something they know they shouldn’t.

These attacks are being automatically generated but with a template that randomizes parts of the email.

So the domains used to send them out are constantly changing and bypass standard security offered by anti-virus engines.

Don't Click: Fake Herbalife email ransomware sweeping globe 3

Don't Click: Fake Herbalife email ransomware sweeping globe 2

Stay safe: Have I been pwned? Spambot harvests 711 million email addresses

From NHS to you

Ransomware hit the headlines in May when a malware variant of the Wanna Decryptor, dubbed WannaCry, brought down NHS computer systems at 16 UK hospitals.

Nurses were shocked to see their screens freezen when they tried to access patient records, followed by a pop-up demanding cash ransoms of between $300 and $600 in Bitcoin.

Don't Click: Fake Herbalife email ransomware sweeping globe 7

Accident and Emergency departments up and down the country for forced to divert ambulances as staff were urged to turn off their machines. The attack stoked fears that criminals could relatively easily exploit known weaknesses in crucial IT systems.

WannaCry malware has been detected 36,000 times in the past year and it has already infected targets in 11 countries.

What to do

Delete, ignore, move on
If your email spam filter doesn’t block the ransomware email, just delete it and move on.

Tell your friends
Everyone appreciates a heads-up warning and while UK reports have been limited so far this could easily find its way on to a laptop near you.

Update: A new variant of the ransomware appeared on Tuesday evening, Barracuda say.

It will appear with the subject line “Emailing – (attachment name)” as in the picture below.

Don't Click: Fake Herbalife email ransomware sweeping globe 5

Tom Rodgers author picture

By:

Tom is a tech journalist and former Editor at BroadbandDeals.co.uk.

News What's the story?

Keep up with the latest developments in UK broadband.

KCOM buyout means more fibre for Yorkshire

Hull's homegrown ISP sells for more than half a billion.

KCOM buyout means more fibre for Yorkshire Read more

Virgin gigabit trials begin in Southampton

Nationwide gigabit takes a big step forwards with Virgin's new network upgrade.

Read more

Tesco customers get triple value with NOW TV

Get the most out of your Clubcard points with streaming discounts.

Read more

CityFibre bring full-fibre to 70,000 homes

Only 4.9 million to go...

Read more

Help Learn with us

Make the most of the internet with our broadband library.

What are the risks of using public WiFi?

What are the risks of using public WiFi? Read more

How to optimise WiFi connections in old buildings

Read more

How to choose a broadband provider you’ll be happy with

Read more
Back To Top