New Crypto Ransomware Campaign Targets Lonely Hearts

Emails sent by cybercriminals using 'GandCrab' have romantic subject lines.

A new round of phishing emails containing romantic messages has reportedly attempted to quite literally seduce their readers into clicking ransomware-ridden links.

Indeed, the Mimecast Threat Labs Team released a report saying that threat actors behind GandCrab, a ransomware that encrypts its victim’s files, are sending messages with subject lines such as ‘This is my love letter to you’, ‘Wrote my thoughts down about you’, ‘My letter just for you’ and ‘Felt in love with you.’

Asia Trading Summit – The Leading Investment Event in China

Roses are red,
Violets are blue,
Bitcoin is volatile,
Like my passion for you.

”Felt in Love With You”

The email contains nothing more than an asterisk symbol (*) and an attached zip file. According to the report, each of the zip files is titled “Love_You_2018_” followed by seven or eight random numbers. The unfortunate souls who click the file are then asked if they prefer to see it in English, Chinese, or Korean (an indication that the speakers of these languages are the target victims of the ransomware.)

GandCrab’s victims are then asked to send Bitcoin or DASH cryptocurrency to a wallet address in order to regain access to their files. The victim is told that their ransom will be doubled if it isn’t paid within seven days. Bizarrely, victims who don’t know how to use cryptocurrency can use a sort of live chat window within the ransomware to get help on how to pay the attackers’ demands.

Suggested articles

Why Ethereum Needs Layer 2 Solutions More Than EverGo to article >>

Interestingly, the ransomware can detect Russian victims and will stop the attack on computers who have Russian-configured keyboards. According to Mimecast, “this signals these campaigns are specifically designed to not target Russian users.”

Additionally, GandCrab’s classification as a RaaS means that it’s essentially ransomware for hire: “in a [RaaS] situation, an unprincipled vendor offers hackers and malicious actors a platform tool for the purposes of using ransomware to hold computer files, information or systems hostage,” reads a definition from Techopedia.

The Holidays Are a Busy Time for Cybercriminals

Mimecast’s report also stated that cybercriminals–particularly those that user ransomware–often take advantage of the holidays as a time to pry their way into personal email inboxes.

The holiday season also “[offers] the opportunity for threat actors to harvest a vast amount of information and data that is input into online shopping websites by coming up with fake websites and fake customer surveys that promise to deliver anything from fake vouchers to ‘great deals’ to the victim,” the report said.

Mimecast identified several different kinds of emails and websites in addition to the fake romantic messages, including fake e-greetings, fake online customers surveys, emails offering fake gifts and services, malicious dating apps, and non-malicious dating apps and websites that had been hacked.

Got a news tip? Let Us Know