Following is the PNP Computer Security Bulletin CSB17-012 issued by PNP Information Technology Management Service concerning the threat posed by NotPetya Ransomware that has affected numerous computers in Russia, Ukraine, other European countries, United States, and some Asian and African countries.
A recent phishing attack via e-mail attempts to draw the attention of target recipients with the subject line "IMPORTANT MESSAGE ATTACHED" while the sender may appear to be from legitimate email addresses such as the two reported PNP offices where the purported messages came from. Accordingly, the senders forged the emails of said offices using the name of a particular personnel and sends out phishing messages to all their contacts with a malware-loaded pdf file attachment.
These email addresses may have been infected when they opened the attachment, with the malware automatically forwarded to the address book entries of the victim's email account.
This act was considered by Google as web forgery intended to trick the recipients to disclose their financial, personal or other sensitive information by filling up the form when the attachment is opened. Authorities dubbed this attack as “spear fishing” – defined as a targeted attack on a specific person or organization pretending to be from a known individual, organization or business. Although often intended to steal data for malicious purposes, cybercriminals may also use this to install malicious software on a target computer. The hacker uses email pretending to be from a legitimate source and ask the reader to click the attached file or link that will lead them to a cloned website, tricking the user to download a malware or exfiltrate data from the computer or mobile device of the target. The harmful effects of this include data and identity theft, interfere with the normal functioning of the device, and the much feared ransomware.
To avert further spreading this attack, once a message having the same nature is received, the recipients are advised to report it as a spam in the e-mail program. Also, be wary of all the attachment received. Those who have received this type of email are warned not to respond to it and to never open the attachment nor any hyperlink. Recipients are also advised to coordinate with the sender to confirm that they indeed have sent a message with the corresponding attachment.
Three emails have recently been flagged by administrators of the Philippine government email system due to the suspicious nature of their content. This messages could prove harmful to email users when the payload attachments and links are activated. These emails have bypassed the spam filter of some email programs.
If emails are received from these addresses or from any suspicious senders, press the REPORT IT AS SPAM button in your email programs to stop it from spreading further.