Perhaps think twice before opening that romantic message, because cyber criminals are exploiting Valentine's Day as a means of distributing a prolific form of ransomware.
GandCrab first emerged in January last year and has gone on to become one of the most successful families of file-encrypting malware, with its creators regularly updating it with new tricks and techniques.
Now the ransomware is being sent to potential victims in phishing emails with romantic subject lines to coincide with Valentine's Day in a campaign which has been detailed by security researchers at Mimecast.
While campaigns relating to holidays have traditionally focused on consumers, they're increasingly targeting business email accounts — providing attackers with a means of encrypting corporate networks and demanding larger ransoms than they could squeeze out of individual victims.
Subject lines used in this GandCrab campaign all relate to romance. Examples include 'This is my love letter to you', 'Wrote my thoughts down about you', 'My letter just for you', and 'Felt in love with you'.
Before the ransom note is presented to the victim, they're asked to select a language to see it in — English, Korean or Chinese, something which researchers suggest indicates the main targets of those behind GandCrab.
After this, the user is directed to a ransom note explaining that their computer has been encrypted and that they need to pay a ransom in Bitcoin or DASH cryptocurrency in order to get their data back.
The victim is told the ransom will be doubled if they don't pay within seven days — and is offered advice on how to purchase and use cryptocurrency. The attackers even provide a live chat window to 'help' the victims pay the ransom demand.
Researchers note that the ransom payments differ according to the victim, indicating an aspect of planning behind the attacks — and that it's possible that the Valentine's Day campaign might not be the work of the GandCrab authors themselves, but rather cyber criminal customers using it as part of a ransomware-as-a-service (RaaS) campaign.
GandCrab remains one of the most potent ransomware threats around and it's expected to continue to plague organisations for some time yet.
"It's likely we will continue to see them update the versions. Releasing more versions will enable them to stay ahead of detection and continue to offer this as a RaaS to increase their profits," Mimecast told ZDNet.
However, organisations can look to avoid falling victim to it by training users to be mindful of strange or unexpected email messages — or by deploying suitable security software.