New Complex Ransomware Technique

Microsoft has observed a new phishing/ransomware campaign that uses a combination of techniques to fool users.

Microsoft tracks the activity as DEV-0569 and says that it uses phishing emails to get users to install “updates” to legitimate applications like Microsoft Teams, Zoom and, curiously, Adobe Flash, among others.

The malicious link is delivered via infected ads, fake forum pages, blog comments and phishing campaigns.

The downloads at the links are digitally signed – with stolen certificates.

These fake updates launch malicious PowerShell or batch scripts that help turn off security software and deliver malware payloads, which are decrypted after delivery.

In one campaign, the attackers use website contact forms and legitimate software repositories – and Google ads.

These techniques will fool many users, and the best ways to stop them are implementing zero trust on your endpoints AND anti-phishing training for your users.
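For teams that collect process-creation logs from endpoints, here is an added example (not from Microsoft's report or the original alert) of how the chain described above, an "update" installer starting PowerShell or a batch script, can be flagged. The field names, host names, sample events and matching rules are all assumptions constructed for illustration.

```python
import re

# Heuristics are assumptions for illustration, not published DEV-0569 indicators.
LURE_PARENT = re.compile(r"(teams|zoom|flash).*(update|setup|install)", re.I)
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "cmd.exe"}
TAMPER_OR_BATCH = re.compile(
    r"Set-MpPreference\s.*-Disable|Add-MpPreference\s.*-Exclusion"
    r"|\b(sc|net)(\.exe)?\s+stop\b|\.bat\b", re.I)
TRUSTED_DIRS = ("c:\\program files", "c:\\windows")  # where real updaters live

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Return the reasons a process-creation event resembles the chain."""
    if basename(ev["image"]) not in SCRIPT_HOSTS:
        return []
    reasons, parent = [], ev["parent_image"]
    if LURE_PARENT.search(basename(parent)):
        reasons.append("updater-named parent spawned a script host")
    if not parent.lower().startswith(TRUSTED_DIRS):
        reasons.append("parent runs outside the usual install directories")
    if TAMPER_OR_BATCH.search(ev["command_line"]):
        reasons.append("command line runs a batch file or alters security tooling")
    # ev["signed"] is ignored on purpose: the downloads are signed (stolen certs).
    return reasons

def detect(events, threshold=2):
    """Return (host, parent, reasons) for events matching >= threshold heuristics."""
    hits = []
    for ev in events:
        reasons = score_event(ev)
        if len(reasons) >= threshold:
            hits.append((ev["host"], basename(ev["parent_image"]), reasons))
    return hits

SYS32 = "C:\\Windows\\System32\\"
# Constructed sample events; field names are assumed, not a real log schema.
SAMPLE_EVENTS = [
    {"host": "WS-01", "signed": True, "image": SYS32 + "powershell.exe",
     "parent_image": r"C:\Users\alice\Downloads\TeamsUpdate.exe",
     "command_line": "powershell.exe Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"host": "WS-02", "signed": True, "image": SYS32 + "cmd.exe",
     "parent_image": r"C:\Program Files\Zoom\bin\Zoom.exe",
     "command_line": "cmd.exe /c ver"},
    {"host": "WS-03", "signed": True, "image": SYS32 + "cmd.exe",
     "parent_image": r"C:\Users\bob\AppData\Local\Temp\flash_player_install.exe",
     "command_line": r"cmd.exe /c C:\Users\bob\AppData\Local\Temp\run.bat"},
]
```

Calling `detect(SAMPLE_EVENTS)` flags WS-01 and WS-03 and leaves the legitimately installed Zoom client on WS-02 alone.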

If you need help with this, please contact us.

Credit: KnowBe4