Our Blog

 

Padlock3

Based on recent activity being monitored via CYBONET’s PineApp Mail Secure global install base, we have noticed a return of the fake UPS cannot deliver malspam, this time with an updated NemucodAES ransomware. The malspam is presenting itself with a few different variations of the subject header ‘Problems with item delivery, n.[parcel number]’, and these emails are automatically being blocked and quarantined by our customers’ PineApp Mail Secure systems. Please see an example below:

 

UPS pic1

 

Same Emails, Different Method

The malspam emails have reappeared with the same basic characteristics that they displayed before, with emails seeming to come from UPS, FedEx and the like. The attachment to the spam email contains a JS file that, when opened, will download PHP and a PHP script, which is the actual ransomware component. Once started, the PHP script scans the drives for targeted files and encrypts them.

Unlike most other ransomware infections, with this NemucodAES ransomware your files become encrypted without changing file names or file extensions, and you only discover that your files have been encrypted if you try to open them or see the changed desktop background and ransom note - containing the ransom amount and payment instructions – as per the example below:

 

UPS pic2


Often an anti-virus comes into play and removes the malware files and the desktop warning, in which case the encryption is only revealed when the user tries to open his/her files.

Decrypting your Files

If you have seen the above Decrypt.hta ransom note with the bright red background and payment servers that have the ‘counter’ string in their URL, you are a victim of NemucodAES. Fortunately a decryptor for this ransomware has just been released, and instructions can be found at Bleeping Computer.

Quarantined by PineApp Mail Secure Prior to Encryption

Better still is to avoid infection in the first place, and CYBONET’s PineApp Mail Secure allows you to do just this, by blocking the malspam emails – see screenshot of the offending emails quarantined by the solution’s Mail Traffic Management below:

UPS pic3

 

CYBONET’s PineApp Mail Secure helps by blocking 99.7% of spam and viruses and protecting your email traffic; both inbound and outbound. It neutralizes Advanced Persistent Threats and guards against zero-hour viruses, malware and ransomware with a multi-layer anti-spam and anti-virus system that identifies and blocks the likes of the zero-hour virus found in these UPS malspam emails:

 

UPS pic4

To learn more about how PineApp Mail Secure can protect your organization from all varieties of spam, viruses, malware and ransomware, click here or contact This email address is being protected from spambots. You need JavaScript enabled to view it.

 

Still have questions about CYBONET?

Send us a message