Monday, 23 October 2017

Dangerous ransomware arriving as fraudulent Eir bill email

ESET Ireland is warning Irish computer users against opening an attachment to a faked Eir email, as it contains dangerous ransomware, which will lock your files and demand payment to unlock them.

ESET Ireland has come across another dangerous spam email. This one pretends to come from Eir and says:

“Dear customer,
Your bill is now available to complete. Your bill amount is €184.38.
For your convenience we attached a copy of your invoice to your email.
To view it, please download invoice here.
Regards,
My eir Customer Support”

Clicking the link will download what appears like a zipped file, but is really a heavily obfuscated javascript file, that installs dangerous ransomware that ESET identifies asWin32/Filecoder.NHQ.

The malware will lock files on the victim’s computer, then play a robotic voice recording, saying: "Attention, attention, this is not a test, all your documents, databases and other important files are encrypted and windows cannot restore them without special software. User action is required as soon as possible to recover the files"

ESET Ireland would like to point out that paying the ransom to the cybercriminals does not guarantee getting your files unlocked, or it can result in a repeated infection a while later.

ESET security software identifies and prevents this particular ransomware from executing, keeping the users safe, but everyone is still warned to avoid clicking on any attachments or links in such fraudulent emails, instead marking them as spam and deleting them.