French firms targeted with ransomware

French companies are the latest targets of cyber crooks wielding the CTB Locker (aka Critroni) ransomware.

The emails look like their coming from an employee of the target company, and are directed at the management department. They are ostensibly a confirmation of a buying order for office hardware, and include an attached file that supposedly contains the bill for the order (click on the screenshot to enlarge it):

Unfortunately for those who download and open the attached .cab file, it carries the aforementioned ransomware.

Once run, the CTB Locker variant encrypts a wide range of files both on the victim’s computer and on any external disks, file servers and backups that are connected to it.

“The e-mails usurp the identity of the victim’s co-worker, which adds a layer of trust and credibility to the scam. They are well-written, in the language of the user, making it even harder to identitfy the scam,” explained Bitdefender’s Alexandra Gheorghe. “Users are advised to be extremely careful when opening e-mails from unknown senders, especially if they carry an attachment – it’s quite unusual to receive a .cab document.”

It’s also a good idea not to keep your backup connected to your computer.