Fear is a fantastic way to spread malware, which is why hackers around the world are using the fear of a flu pandemic as a hook to install a nasty strain of ransomware.

Researchers at MyOnlineSecurity have detected a cunning email campaign which spoofs the Centers for Disease Control and bears headlines warning of a Flu Pandemic.

The message is short and to the point, explaining that a flu pandemic has been detected and urges recipients to read the attached document for further instructions to protect their families and help keep it from spreading.  The instructions also helpfully include the note that in order to view the document properly you’ll need to click the ‘Enable Editing’ button.

The attachment bears the name “Flu Pandemic Warning,” which reinforces the message itself. It’s an excellent choice from the perspective of the hackers, because they know that a relatively high percentage of those who receive this message from what appears to be a trusted agency will open it.

Unfortunately, the moment they open the file and click to enable editing, they doom themselves.  The word document is poisoned and contains scripts that will install the GrandCrab v5.2 ransomware on the victim’s machine, which will promptly lock their files and demand a hefty payment.

While this is a nasty and especially effective campaign, it’s not the only one that the creators of Grand Crab are engaged in.  Recently, the Chinese government issued their own alert, stating that beginning on March 11, various government departments were bombarded with phishing-style emails intent on installing ransomware on their servers.

All that to say, vigilance is more important now than ever.  There’s no telling how long this campaign will run, or what may come after it, but one thing you can be sure of.  They’re not going to stop.

There are thousands of hackers who get up every morning with ONE goal in mind: to find a new vulnerability in a commonly installed software (like Adobe, Flash or QuickTime) to access your computer.

That’s why these companies frequently issue patches and updates for KNOWN security bugs. Once a KNOWN vulnerability is announced via a patch, hackers get to work like crazy trying to figure out how to use the vulnerability and access those users who are lazy about installing updates. That’s why it’s important to update installed software programs as soon as possible.

Of course, if you’re a client of ours, we’re monitoring your network for these updates and handling them for you; but your home computers, smartphone and other devices that may NOT be under our protection probably need a little attention.