What to avoid in Dropbox-related phishing attack

Corporate employees familiar with Dropbox should take extra precautions to avoid becoming a victim of a phishing attack that uses the popular file-sharing service.

Cybercriminals have been sending out emails with malicious links pointing to a ZIP file on Dropbox that contains a screensaver that is actually ransomware similar to one known as CryptoLocker, security vendor PhishMe reported Friday.

The attackers try to trick recipients into clicking on the link through a variety of ploys, including disguising the email so that the link appears to point to an invoice or a fax report or message.

If someone receives the email at work, "they may think that they're receiving a fax and it's something they need to look at, which makes them inclined to go ahead and open it," Ronnie Tokazowski, senior researcher at PhishMe, said.

Clicking on the link to the ZIP file and then the screensaver file inside launches the malware that encrypts files on the victim's hard drive. PhishMe estimates that victims have had as many as 20,000 files encrypted. Files typically affected by such ransomware include documents, archive files, executables and JPEGs.

Once executed, the malware launches a page on the victim's default browser, demanding that $500 in Bitcoins be deposited in the criminals' electronic wallet. Failing to do so after a certain amount of time leads to the ransom doubling to $1,000.

Based on an examination of three of the attackers' wallets, the scammers have collected at least $62,000, Tokazowski estimates. The ransom demand and payment transactions are conducted over the Tor anonymity network.

The attack does not exploit a vulnerability in Dropbox. PhishMe had not discussed the phishing campaign with Dropbox, which did not respond to a request for comment.

PhishMe discovered the scam after its own employees received the phishing emails, Tokazowski said. Almost 20 of the company's 50 employees received the messages.

PhishMe does not believe it was directly targeted in the campaign, but was just one of many companies whose employees might have received the emails.

"There's been no evidence that they (the attackers) have been specifically going after us," Tokazowski said.

To avoid becoming a victim, companies should advise employees to be wary of downloading ZIP files and of emails like the ones described above that have no recognizable sender.
