Ransomware also hits certified email

Is there anything left that the blackmail virus hasn't hit yet? One thing remained: PEC (certified electronic mail), which many considered safe.

We all know, but repetita iuvant, that Certified Electronic Mail (PEC) is a system for sending emails with the same legal value as a registered letter with return receipt, as established by the legislation in force.

We all considered PEC more secure than a normal email message, and rightly so. Its main purpose is to provide certainty that an email has been sent and delivered (or not delivered) to the recipient. The term "certified" means that the service provider issues the sender a receipt that constitutes legal proof that the message (and any attachments) was sent, just as the provider of the recipient's PEC mailbox sends the sender a delivery receipt with a time reference that certifies the date and time of each of the operations described. But there's more. Thanks to the protocols used, PEC guarantees the security of the attachments, preventing any tampering. How is it possible that ransomware managed to make the whole system "insecure"?

The problem with PEC

The PEC system, evidently, is not as perfect as we thought. Certified Electronic Mail has one goal: to guarantee the content and the sending date of a message, sent via the SMTP protocol, using the credentials assigned to the sender. The weak point of the whole system is that there is neither a digital signature nor a certain identification of the sender (only of the providers), so potentially anyone who gets hold of a user's credentials, including malware and hackers, can send PEC messages in that user's place.

How the ransomware virus works

Pay maximum attention, then, to everything, including certified mail. Based on the analysis of the cases examined so far, the following clues point to ransomware. First of all, the messages come from addresses like [email protected] or [email protected], but also from different domains sent through [email protected] or [email protected]. The text of the PEC messages that "host" the ransomware is the following: "In the original attachment of the document in question, no mail will be sent, unless specifically requested. The document will have to be printed on paper format and will have full fiscal validity and, as such, subject to the foreseen rules of use and conservation". The PEC messages have the subject "Sending Invoice No. xxxxxx" (the number changes for each victim) and contain an attachment in ZIP format, usually "invoice_xxxxxx.zip". Again, the name can change depending on the user.

Watch out for ZIP files

The ZIP attachment contains a file in JavaScript format with the same name as the archive. When we open the archive, it activates the "downloader", which antivirus software does not always detect promptly and which allows the malware to download the ransomware from remote sites and install it on the victim's computer. And the damage is done! The blackmail virus starts encrypting the files and leaves the victim a message with instructions on how to regain possession of the documents: by paying.
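
A mail-gateway check for the attachment pattern described above, added here as an example and not taken from the article: it flags ZIP attachments that contain a script file and notes when the script is named after the archive. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Script types Windows runs on double-click (assumed blocklist, not from the article).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}

def scan_message(raw: bytes) -> list[str]:
    """Return one finding per script file found inside a ZIP attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    # walk() also descends into nested message/rfc822 parts (wrapped mail).
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Judge by content, not extension: the archive may be renamed.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            findings.append(f"{name}: unreadable ZIP")
            continue
        stem = PurePosixPath(name).stem.lower()
        for member in members:
            path = PurePosixPath(member)
            if path.suffix.lower() in SCRIPT_EXTS:
                tag = " (named after the archive)" if path.stem.lower() == stem else ""
                findings.append(f"{name}: script {member}{tag}")
    return findings

def build_sample(member: str) -> bytes:
    """Constructed test message: a ZIP attachment holding one harmless text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// constructed placeholder, not malware\n")
    msg = EmailMessage()
    msg["Subject"] = "Sending Invoice No. 000000"
    msg.set_content("constructed sample body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice_000000.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("invoice_000000.js")))
```

A non-empty result is a reason to quarantine the message before it reaches the mailbox, since a legitimate invoice has no need to ship a script inside an archive.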
