Security researchers observed that Ako ransomware is using malicious spam attachments to go after organizations’ networks.
On January 14, AppRiver Senior Cybersecurity Analyst David Pickett contacted Bleeping Computer and told the computer self-help site that his company had observed Ako being distributed via spam email.
Using subject lines such as “Agreement 2020 #1775505,” the attack emails instructed recipients to open a password-protected .zip archive in order to view an agreement. That archive contained an executable named “agreement.scr” that installed the ransomware upon execution.
Bleeping Computer first covered Ako ransomware on January 10 after a victim posted on the website’s forums about a new ransomware strain that had encrypted their Windows 10 desktop and Windows SBS 2011 server.
SentinelLabs’ Vitali Kremez analyzed the ransomware and found that it shared certain similarities with MedusaLocker, leading some to refer to the threat as “MedusaReborn.” But the malware authors who created the new crypto-malware strain denied any connection to MedusaLocker and said that Ako was their own product. Those individuals also confirmed that they stole data prior to Ako encrypting users’ files.
At the conclusion of its encryption routine, Ako dropped a ransom note informing victims that their “network have been locked [sic].”
Lawrence Abrams, creator and owner of Bleeping Computer, explains that Ako’s distribution method highlights the importance of organizations taking steps to protect themselves against malicious spam attachments. As quoted in his blog post:
As spam is being used to spread the Ako Ransomware, everyone must be trained on how to properly identify malicious email and not open any attachments without first confirming who and why they were sent. This is especially true for email attachments that are in password-protected archives as they are commonly used to avoid being detected by secure email gateways and antivirus software.
Organizations can begin this process by educating their employees about some of the most common types of phishing attacks in circulation today. They should complement this training by working to prevent a ransomware infection in the first place.
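The following Python code is an added example, not taken from Bleeping Computer, AppRiver or the original article. It shows one way a mail-filtering step could flag the delivery pattern described above: a ZIP attachment whose entries are marked encrypted yet still expose an executable name such as “agreement.scr” in the archive's central directory. The extension list and function names are assumptions, and the sample message is constructed with harmless contents.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed extension list for this example; tune it for your environment.
RISKY_EXT = (".scr", ".exe", ".js", ".vbs", ".lnk")

def inspect_zip(data):
    """Return (entry name, encrypted?) for each risky entry in a ZIP blob."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Bit 0 of the general-purpose flags marks an encrypted entry.
                # Entry names stay readable in the central directory unless
                # the archive format also encrypts that directory.
                encrypted = bool(info.flag_bits & 0x1)
                if info.filename.lower().endswith(RISKY_EXT):
                    hits.append((info.filename, encrypted))
    except zipfile.BadZipFile:
        pass  # not a parseable ZIP; nothing to report here
    return hits

def scan_email(raw):
    """Map attachment filename -> risky entries for every ZIP attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload[:2] == b"PK":  # ZIP magic, regardless of declared MIME type
            hits = inspect_zip(payload)
            if hits:
                report[part.get_filename()] = hits
    return report

def build_sample():
    """Constructed sample: harmless ZIP with the encryption flag patched on."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("agreement.scr", b"not a real executable")
    blob = bytearray(buf.getvalue())
    cd = blob.rfind(b"PK\x01\x02")  # central directory file header
    blob[cd + 8] |= 0x01            # flags field: set the "encrypted" bit
    msg = EmailMessage()
    msg["Subject"] = "Agreement 2020 #1775505"
    msg.set_content("Please open the attached archive.")
    msg.add_attachment(bytes(blob), maintype="application",
                       subtype="zip", filename="agreement.zip")
    return msg.as_bytes()
```

A gateway that cannot decrypt the archive can still quarantine or hold it on the strength of the exposed entry name.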