Spam Emails Mask Ransomware with a Wink and a Smile

Updates and Insights from Our Security Advisor Newsletter


Published: August 25, 2020

A new ransomware, Avaddon, is having a bit of fun with its targets as their way to install the malware on devices worldwide. Hackers are sending “innocent” spam emails as a calling card to deploy Avaddon ransomware on data systems. Hoping to catch users off guard, spam emails infiltrate email accounts with a subject line asking the user if they approve of their “new photo” or the photo of the spam sender. What could possibly go wrong when the only email content is an innocuous winking smiley face? The answer to that question is that an Avaddon ransomware attack can happen.

The distribution of the spam emails flooding inboxes everywhere uses a botnet to keep the wave going. BleepingComputer reports a security researcher from AppRiver blocked over 300,000 of the spam emails in a short period of time. Unfortunately, the simple smiling face graphic contains a JavaScript downloader that distributes the Avaddon ransomware. The JavaScript hides in the email as a “harmless” JPG photo that users can open. It doesn’t help that Windows still hides file extensions, despite it being a well-known security risk to do so. The massive Avaddon attack is actively recruiting bad actors to help add to the ransomware mayhem. The recruitment includes paying hackers a percentage of the ransom extortion payment as compensation for their assistance. Where the new ransomware will show up next, only Avaddon creators know. As with many different types of malware enduring over time, changes and improvements to the ransomware are expected. Staying safe from Avaddon has a predictable response: Avoid getting ransomware to begin with. Sensitive data is much safer when a staff is regularly educated about the latest cyberthreats and what to do if they find themselves compromised. That also includes how to spot phishing emails before they’re opened and acted upon. Remember, it only takes one wrong click on a phishing email to launch a malware attack. Cyber-education is a great start, but more can be done to bolster ransomware protection.

The FBI and other institutions agree that refusing to pay any ransom is the best deterrent to future attacks. They claim that paying only encourages more ransomware strikes, and there’s no guarantee a hacker will provide the decryption key, as promised, if the ransom is paid. Finally, if data is regularly backed up, the ability to restore what was hijacked entirely avoids the need to pay a ransom demand.


Nadicent Technologies' goal is to help technology services decision-makers cut through all the noise of technology suppliers to deliver best-fit solutions that save you time, money, and improve customer experience. If you would like to know more or want to schedule a conversation.


Email us at advisor@nadicent.com

Keep up to date: Sign up for Fraud alerts and Updates

1 view
  • Facebook
  • LinkedIn
  • Twitter

© 2020  by Sandra Ruiz Enterprises, LLC.   No animals were harmed in the creation of this website.  Nadicent Technologies, LLC |  2389 Main Street, Glastonbury CT 06033 | www.nadicent.com | advisor@nadicent.com  | 203-274-8466