Fake job application emails are currently doing the rounds in Germany. They infect Windows PCs with ransomware, which encrypts files and tries to blackmail users into paying a ransom.
Such emails are mainly targeted at human resources staff. The malware, known as “Gandcrab”, is concealed in an executable .exe file within an attached zip archive. As soon as this file is run, Gandcrab encrypts the files on the PC as well as those on removable storage media or on the network. According to a report from “heise Security”, files that have already been locked have the ending .krab. A free decryption tool is not yet available.
The State Office of Criminal Investigations in Niedersachsen, which has put out a warning about Gandcrab, advises victims not to pay the ransom demanded for decrypting the data, but rather to get in touch with the Central Contact Point for Cybercrime (Zentrale Ansprechstelle Cybercrime) at the Police.
The fake applications have subject lines like “Application for the Advertised Position – Hannah Sommer”, but there are also emails with other names in circulation. It’s not only in human resources departments that one generally has to be careful with each incoming email and never open attachments or click on links without thinking twice.
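The delivery described above (an executable inside a zip attachment) can be checked for before an attachment reaches a mailbox. The following is an added example, not code from Retarus or from the report; the extension list, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import posixpath
import zipfile

# Extensions Windows runs directly (assumed list for this example, not from the article).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}


def build_sample_zip() -> bytes:
    """Constructed sample archive: harmless stubs that only carry an MZ header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("cover_letter.txt", "Dear Sir or Madam ...")
        zf.writestr("Hannah Sommer - CV.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("photo.jpg", b"MZ" + b"\x00" * 62)  # PE content, benign extension
    return buf.getvalue()


def find_executable_members(zip_bytes: bytes) -> list[tuple[str, str]]:
    """Return (member name, reason) for each archive member that looks executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Only the last extension counts: "CV.pdf.exe" is an .exe, not a PDF.
            if posixpath.splitext(name)[1].lower() in EXECUTABLE_EXTS:
                findings.append((name, "executable extension"))
            elif info.flag_bits & 0x1:
                # Password-protected members cannot be inspected; flag for review.
                findings.append((name, "encrypted member, content not inspectable"))
            else:
                with zf.open(info) as member:
                    # Windows PE files start with the two bytes "MZ".
                    if member.read(2) == b"MZ":
                        findings.append((name, "MZ header behind non-executable extension"))
    return findings


if __name__ == "__main__":
    for member_name, reason in find_executable_members(build_sample_zip()):
        print(f"BLOCK {member_name!r}: {reason}")
```
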
Retarus E-Mail Security customers, and particularly those with Advanced Threat Protection (ATP), can nevertheless feel secure where Gandcrab is concerned: at Virustotal, 37 out of 67 virus scanners (as of yesterday morning) already recognize the infected attachment, and “heise Security” also expressly names several scanning engines employed by Retarus.