Beware of the Nemucod!

A wave of spam is delivering malware - especially ransomware - to computers.

Ransomware - malware that encrypts victims' files, rendering them useless until a ransom has been paid - is proving a popular strategy among the Bad Guys.

Be on your guard, as security vendor ESET says it has spotted particularly high levels of spam email delivering malware to Australia and other countries. 

These emails come with an attachment in the form of a zip file. It poses as an invoice, legal notice or some other type of official document, but what the archive actually contains is a piece of JavaScript that downloads a piece of malware called Nemucod (yeah, that's 'document' backwards, minus the T to make it pronounceable).

So opening the attachment installs and runs Nemucod, which in turn downloads and runs other malware, currently ransomware such as TeslaCrypt or Locky. These are well written in the sense that they use strong encryption, so victims are unlikely to be able to recover their files without paying the ransom.
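Because the attack hinges on a zip attachment that hides a script behind a document-sounding name, one cheap control a mail gateway or help desk can apply is to look inside every zip attachment and refuse any that carries a script or executable. The following is an added example written for this article, not ESET's detection logic or anything from the Nemucod campaign itself; the extension list and the two sample archives (built in memory so the script runs offline) are assumptions made for illustration.

```python
"""Flag zip e-mail attachments that carry script files.

Added example for this article (not ESET's or the campaign's code). It
opens a zip attachment in memory and reports any member whose real
extension is one that Windows will execute on double-click, including
'double extension' lures such as invoice.pdf.js.
"""
import io
import zipfile
from typing import Dict, List, Tuple

# Extensions Windows Script Host or the shell executes directly.
# This list is an assumption for the example, not a claim about Nemucod.
SCRIPT_EXTENSIONS = {
    ".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta",
    ".cmd", ".bat", ".scr", ".exe", ".ps1",
}


def suspicious_members(zip_bytes: bytes) -> List[str]:
    """Return names of archive members with a script/executable extension.

    Only the final suffix counts, so 'invoice.pdf.js' is flagged (its real
    extension is .js) while 'invoice.pdf' is not. Unreadable archives raise
    zipfile.BadZipFile; should_block() turns that into a block decision.
    """
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.lower().rsplit("/", 1)[-1]  # drop directories
            ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
            if ext in SCRIPT_EXTENSIONS:
                flagged.append(info.filename)
    return flagged


def should_block(zip_bytes: bytes) -> Tuple[bool, str]:
    """Decide whether a gateway should quarantine the attachment.

    Returns (block, reason). An archive that cannot be parsed is blocked
    too: a filter must not pass content it cannot inspect.
    """
    try:
        flagged = suspicious_members(zip_bytes)
    except zipfile.BadZipFile:
        return True, "not a readable zip archive"
    if flagged:
        return True, "script/executable inside archive: " + ", ".join(flagged)
    return False, "no script members found"


def make_zip(members: Dict[str, bytes]) -> bytes:
    """Build an in-memory zip from {name: content} (constructed sample data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples: a harmless PDF-looking document, and a lure shaped
# like the attachment the article describes (JavaScript named as an invoice).
BENIGN_ZIP = make_zip({"invoice.pdf": b"%PDF-1.4\n% constructed sample\n"})
LURE_ZIP = make_zip({"invoice.pdf.js": b"// constructed placeholder, no payload\n"})

if __name__ == "__main__":
    for label, data in (("benign", BENIGN_ZIP), ("lure", LURE_ZIP)):
        block, reason = should_block(data)
        print(f"{label}: block={block} ({reason})")
```

Note that this only catches the delivery vehicle described here; it does nothing for an archive whose member names are obfuscated in ways the extension check does not cover, which is why the advice below about user briefing and backups still applies.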

ESET said Nemucod accounted for 33 percent of malware it detected in Australia on 11 March, though the figure had fallen to less than 14 percent at the time of writing.

New Zealand is one of the hardest hit by Nemucod, with an incidence of just over 31 percent.

Nemucod was first seen about a year ago and a significant campaign occurred in December 2015, so there is no excuse for security software failing to detect it, but note that different vendors sometimes use different names.

Why are people opening the attachments? According to ESET, the covering emails in the current campaign are written in a convincing way.

So it's time for the usual warnings:

Don't open attachments from unknown senders, and be cautious with those from known senders. For example, if there's no reason for someone to send you an invoice, don't open it. If you received an email purporting to be a 'missed delivery' notice from a carrier, don't open any attachments, because it is unlikely to be genuine - if you think it may be real, contact the company instead. The same goes for anything supposedly from a court, the ATO, state or federal police, and so on. Make sure your employees are appropriately briefed about this.

Do install reputable security software, keep it up to date, and keep its features turned on. But don't rely on the software to keep you safe - remain on your guard when dealing with email.

Do get into good backup habits. But there's a problem: some ransomware will encrypt files on external drives, servers and so on. You probably need a two-part strategy. One form of backup should provide frequent, automatic backups to protect against various ways of losing information, including user error, while another keeps the destination inaccessible to ransomware (e.g. by disconnecting the backup drive) except while a backup or recovery operation is actually in progress.

Do keep your operating system and applications up to date, as that generally reduces the chance of malware being able to affect your computers.

Copyright © BIT (Business IT). All rights reserved.