The German Federal Office for Information Security (BSI) has issued an alert on a new wave of Gandcrab ransomware attacks.
The statement that was released carries the alarming headline “Ransomware Outsmarts Virus Protection Programs”. This is based on the fact that the offending emails, cleverly disguised as job applications, include an encrypted archive file which regular virus scanners are unable to examine without the password required to open it. The password is revealed to the recipient either in the body text of the email or in a text attachment.
Amongst the measures employed to counter this threat, the BSI recommends taking “appropriate technical steps” to block the use of encrypted archive in emails.
A technical solution suitable for this recommended course of action is already provided by the Attachment Blocker included in the basic Essential Protection version of Retarus E-Mail Security. The “Block protected files” option allows the prevention of password-protected documents – no matter whether they are PDF or office documents – as a standard setting. For more details about this service, please feel free to get in touch with your local Retarus representative.