A Fake IRS Email Scam is Spreading a New Form of Ransomware

Posted on
A Fake IRS Email Scam is Spreading a New Form of Ransomware

Have you received a suspicious email from the IRS recently? It could be a trick to infect your computer with ransomware. Hackers are constantly looking for new ways to fool victims, and a new campaign is using fake emails from the Internal Revenue Service. These fake emails are spreading a new form of Ransomware, called Rapid Ransomware.

What is Rapid Ransomware?

Rapid Ransomware is a new variant of ransomware that was just detected in January 2018. It adds .rapid to encrypted file names and creates a ransom note called How Recovery Files.txt onto the desktop and files of compromised systems. This new form of Ransomware even stays active and encrypts new files after they are created. Rapid Ransomware has been known to terminate multiple databases such as sql.exe and sqelite.exe, clear Windows shadow volume copies, and disable automatic repairs.

More than 300 known infections of Rapid Ransomware have already been identified since January 3, 2018. It was unknown how hackers were spreading this new Ransomware, until a malspam campaign sending fake emails from the IRS was discovered in February 2018.

The Fake IRS Email Scam

Fake emails believed to be a part of this campaign include subject lines such as: “Please Note – IRS Urgent Message- 164” but look out for different variances of this. Hackers are using subject lines they hope will scare the victim into opening and clicking on the email. The body of these scam emails notify the reader that they are overdue on real estate taxes by several months.

The reader is then told to download an attached ZIP file named Notification-[number].zip, that supposedly holds a “comprehensive report” regarding the reader’s debt. This ZIP file does not contain any report, instead, it holds a Word document embedded with malicious macros. If macros are enabled, Rapid Ransomware will be downloaded onto the victims’ system.

It is notable that a high percentage of users being targeted by this campaign are small or medium sized businesses, not consumers. Hackers must be hoping business owners are more likely to click on a message from the IRS.

How to Protect Yourself

In order to make sure you are protected from this new cyber threat, JDL Group recommends not enabling macros on your devices, unless you have a specific document that requires macros. Also, do not click on links or open attachments from suspicious, unexpected, or unsolicited emails.

Securing Your Network Moving Forward

Looking for help securing your network against cyber-attacks? JDL Group can work with you to formulate an IT security plan that works for your business. Contact us today.

Additional Resources:

https://www.cyber.nj.gov/cyber-alerts/20180216/irs-email-scam-distributes-rapid-ransomware
https://myonlinesecurity.co.uk/please-note-irs-urgent-message-164-malspam-delivers-rapid-ransomware/
https://www.cyber.nj.gov/threat-profiles/ransomware-variants/rapid-ransomware

 

ransomware attacks on law firms

Leave a Reply

Your email address will not be published. Required fields are marked *