A new CryptoWall attack wave has hit end-users with malicious .chm attachments that infect networks with the latest and most sophisticated file-encrypting ransomware.
The latest wrinkle is that the fake “incoming fax report” email looks to the user to come from a machine in their own domain. This file-encrypting ransomware social engineers end-users by masking its malicious payload as an innocent attachment.
Once the user opens it, the payload encrypts the files of all mapped drives and demands about $500 in ransom to be paid in Bitcoin. The current attack uses a new attachment: help files with the .CHM extension. Bitdefender Labs discovered the attack in late February 2015
It is targeting users from around the world, including the US, the UK, several European countries and Australia. The servers that send the attack are compromised machines distributed over Asia, India, Europe, Australia, US, Romania and Spain. “Interestingly, in this instance, hackers have resorted to a less fashionable yet highly effective trick to automatically execute malware on a victim’s machine and encrypt its contents – malicious .chm attachments,” states Catalin Cosoi, Chief Security Strategist at Bitdefender.
Brash Concepts recommends to add .CHM files to the list of potentially malicious extensions in your spam filters if it is not in there already.