Andrea Danti - Fotolia
A new form of ransomware is delivering malicious Microsoft Office documents as a part of an email phishing campaign. This midscale campaign -- dubbed Spider ransomware -- gives victims a 96-hour deadline to pay. Does this ransomware differ from those we've seen in the past?
The Spider ransomware does not differ appreciably from previous ransomware attacks; it has all of the hallmarks of ordinary ransomware, including the use of a malicious Word document sent via an email phishing campaign, using a PowerShell script to download the malicious payload to encrypt victim files, and attackers demanding a ransom paid in bitcoin in exchange for decryption keys.
The Spider ransomware does have a slight twist on those seen in the past, as Netskope notes in its report that the malicious Word files sent as attachments "are auto-synced to enterprise cloud storage and collaborations apps." This means it is possible for a system to become infected by downloading the malicious file from cloud storage rather than from opening a malicious file attached to an email.
It's reasonable to assume that the files you access on a managed file service or shared drive are malware free and that your endpoint security tool would detect any malicious activity. While there are many different places where a file could be stored to avoid being checked for malware, one might assume that file servers, websites and collaboration applications would scan all the stored files for malware. However, they often don't scan all the files because that can affect performance.
Netskope recommends scanning files uploaded to sanctioned cloud services, as well as files downloaded from unsanctioned cloud services, something an enterprise should ensure is being done on all of their systems to provide layered security protections to endpoints. If a user has access to a file via a system, then it should be scanned for malware like the Spider ransomware before the endpoint accesses it in case the endpoint lacks functioning antimalware protection.
Ask the expert:
Have a question about enterprise threats? Send it via email today. (All questions are anonymous.)
Dig Deeper on Microsoft Windows security
Related Q&A from Nick Lewis
Cisco Talos' Thanatos ransomware decryptor can recover files affected by new ransomware that won't decrypt ransomed files even when a ransom has been... Continue Reading
A phishing campaign targeting Trezor wallets may have poisoned DNS or hijacked BGP to gain access. Learn how the attack worked and how to mitigate it... Continue Reading
Okta researchers found a bypass that allows macOS malware to pose as signed Apple files. Discover how this is possible and how to mitigate this ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.