Jump to content
Sign in to follow this  
The AchieVer

Attackers Sending Out Fake CDC Flu Warnings to Distribute GandCrab

Recommended Posts

The AchieVer

Attackers Sending Out Fake CDC Flu Warnings to Distribute GandCrab


Digital attackers are sending out fake flu warnings that appear to come from the U.S. Center for Disease Control (CDC) in order to distribute GandCrab ransomware.


An attack begins when a user receives a fake CDC email. The sender field claims that the email came from “Centers for Disease Control and Prevention.” But a closer look reveals the sender to actually be “[email protected],” an email address which has nothing to do with the CDC.


That’s not the end of the attack campaign’s mischief. The email’s subject line of “Flu pandemic warning” also has something to hide. As explained by My Online Security:

To confuse the issue even more the subject line was written in what looks like a mix of cyrillic & western characters & encoded in UTF8 format so a computer will automatically translate / decode it. When I first tried to post this, I got a garbled mess of characters in the url to this post where the Copy & pasting from the email picked up the utf8 format.

Fake CDC email. (Source: My Online Security)

The body of the email itself tries to trick the recipient into viewing an “Instructions DOC” link so that they can protect themselves against the flu. When clicked, the link loads a Microsoft Word document that’s empty except for its “Urgent notice” heading. The document also comes with malicious macros that download GandCrab ransomware when enabled.

Unfortunately, the attack campaign is currently distributing version 5.2 of the crypto-malware. This variant is currently beyond the scope of a free decryptor developed for the ransomware.


Users can help protect themselves against attack campaigns such as this one by familiarizing themselves with the most common attack techniques employed by phishers. They should also back up their data on a regular basis, update their OS for known vulnerabilities and follow these additional tipsto prevent a ransomware infection.





Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

  • Create New...