
IRS Labeled Email Could Contain Ransomware

Written by etrepid | Feb 28, 2018 4:00:00 PM

There's a new strain of the "Rapid Ransomware" making the rounds, and because of how it's being transmitted, it's destined to have a higher-than-average rate of infection. The new strain was first discovered by Derek Knight. It is disturbing because it claims to come from the IRS, and features subject lines like "IRS Urgent Message-164."

The body of the email then goes on to say that the recipient owes some amount of money in real estate taxes, and "helpfully" includes instructions for how to settle in the attached file. Inside the zipped file, the user will find a Word document. You'll need to click on "Enable Editing" to see the file, and unfortunately, the moment you do, you're doomed. "Rapid" will scan the target computer for data files and encrypt them, appending the ".rapid" extension to each.

As soon as the malware finishes encrypting your files, it will automatically open "Recovery.txt", which displays details on how much you'll have to pay the hackers to get your files back. Unlike most other ransomware strains, this one will configure itself to start every time you log in to the computer, so if you pay the ransom to get access to your files again but fail to completely remove the malware, you'll be facing the same problem the very next time you use the machine.

Observant users will take note of the fact that the sender's email address is not a .gov address and will likely not be taken in. Unfortunately, many people will look no further than the subject line and immediately begin following the instructions contained in the email, which is obviously the reaction that the hackers are hoping for.
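The sender check described above can be automated in a mail triage script. The following Python is an added example, not part of the original article; the sample message, its addresses and attachment name, and the `triage` function are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample modelled on the lure described above. The sender address,
# recipient and attachment name are made up; the attachment body is a placeholder.
SAMPLE = b"""\
From: "IRS Notice" <notice@tax-alerts.example>
To: user@corp.example
Subject: IRS Urgent Message-164
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

You owe real estate taxes. Instructions are attached.
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="notice.zip"

placeholder, not a real archive
--b1--
"""

ZIP_TYPES = {"application/zip", "application/x-zip-compressed"}

def triage(raw):
    """Return the reasons a message matches the lure pattern (empty list = none)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    subject = str(msg.get("Subject", ""))
    reasons = []
    # The tell the article points out: an "IRS" message not sent from a .gov domain.
    claims_irs = re.search(r"\birs\b", f"{display} {subject}", re.I) is not None
    if claims_irs and not (domain == "gov" or domain.endswith(".gov")):
        reasons.append(f"claims IRS but sender domain is {domain or 'missing'}")
    # The delivery vehicle: a zipped attachment (here holding a Word document).
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".zip") or part.get_content_type() in ZIP_TYPES:
            reasons.append(f"zip attachment: {name or 'unnamed'}")
    return reasons

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("FLAG:", reason)
```

The From header is set by the sender, so a .gov address there is not proof of legitimacy; treat an empty result as "no match", not as "safe".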

As ever, protecting yourself from threats like these comes down to two things: education and vigilance.