Public warned of suspicious email link attachments amid ‘formidable’ ransomware group

November 28, 2022 - 1:36 PM

The police’s anti-cybercrime group advised the public to be wary of a ransomware group that targets recipients’ emails.

As the name suggests, ransomware is a type of malware that requires victims to pay “ransom” money to regain access to files that the perpetrator has blocked.

The Philippine National Police-Anti-Cybercrime Group (PNP-ACG) on Facebook said that it detected a “formidable” ransomware group called “Black Basta.”

“Black Basta is a ransomware group operating as a ransomware-as-a-service (RaaS) that was initially spotted in April 2022. It has since proven itself to be a formidable threat, as evidenced by its use of double-extortion tactics and expansion of its attack arsenal to include tools like the Qakbot Trojan and PrintNightmare exploit,” the agency said.

The PNP-ACG further noted that the group spreads via phishing and social engineering methods.

To avoid becoming a victim of this group, it advised the public not to click links attached to suspicious emails.

“With the speed with which Black Basta Ransomware is spreading, it is highly recommended to fend off the threat at the beginning,” the agency said.

“As far as the attack goes, since phishing and social engineering are its primary methods of propagation, the user should avoid opening attachments and links in suspicious or irrelevant emails and messages, as it could lead to a system infection,” it added.

A previous study by Fortinet, a cybersecurity firm, found that 94% of organizations in the country are concerned with ransomware’s impact on the environment.

The report also stated that malware, phishing emails and hackers are the top three types of intrusions most operational technology (OT) respondents experience per year.


Reports of such scams prompted the Bangko Sentral ng Pilipinas to order banks and other financial institutions to remove all types of clickable links from their official emails and text messages to clients.

“According to BSP Memorandum No. M-2022-015, banks and other financial institutions supervised by the BSP are advised to REMOVE CLICKABLE LINKS IN EMAILS OR TEXT MESSAGES that they send to customers,” the central bank said earlier this year.


According to the PNP-ACG’s post, these are the steps by which ransomware attacks unsuspecting victims through their emails:

  1. Spam attachment – Ransomware comes inside an email attachment.
  2. Malware execution – The script is executed as malware gets installed on a machine.
  3. Files encryption – All files are encrypted rapidly with a variant extension.
  4. Computer locked – Access to the computer is blocked with an alert message.
  5. Ransom demand – To unlock and get back access, pay in bitcoins.