"Criminals Are Using Call Centers to Spread Ransomware in a Crafty Scheme"

Palo Alto Networks originally discovered the ransomware campaign “BazaCall” in February. In the campaign, adversaries lure targets with an email suggesting that a subscription for a service, such as a gym membership, is expiring. Recent campaigns have posed as confirmation receipts for software licenses. Each email contains a unique ID number and instructs the user to call a number that will connect them with an actual human. The call agent advises the user to visit a legitimate-looking website and tells them to download a file from their account page to cancel their subscription. Once the user enables macros on the downloaded document, the malware is delivered from a Cobalt Strike beacon. While such a campaign requires a little more social-engineering know-how on the part of hackers, the delivery method makes it more difficult for spam and phishing email detection software to intervene, researchers at Microsoft stated. New findings by Microsoft suggest the ongoing ransomware campaign may be more dangerous than previously thought, researchers say. They now say that the malware not only allows hackers a one-time backdoor into the device, as previously thought, but can also allow adversaries to remotely control the affected system. That means it’s even easier for adversaries to sweep for files and find high-end user credentials that could be used to drop ransomware such as Ryuk or Conti within the first 48 hours of infiltration.

 

CyberScoop reports: "Criminals Are Using Call Centers to Spread Ransomware in a Crafty Scheme"

Submitted by Anonymous on