• Admin

Spam Emails Mask Ransomware With A Wink And A Smile

Published: May 01, 2021 on our newsletter Security Fraud News & Alerts Newsletter.



A new ransomware, Avaddon, is having a bit of fun with its targets as a way to get the malware installed on devices worldwide. Hackers are sending “innocent” spam emails as a calling card to deploy Avaddon ransomware on data systems. Hoping to catch users off guard, the emails arrive with a subject line asking the user whether they approve of their “new photo” or the photo of the spam sender. What could possibly go wrong when the only email content is an innocuous winking smiley face? The answer: an Avaddon ransomware attack.


The spam emails flooding inboxes everywhere are distributed by a botnet that keeps the wave going. BleepingComputer reports that a security researcher from AppRiver blocked over 300,000 of the spam emails in a short period of time. Unfortunately, the simple smiling face graphic contains a JavaScript downloader that distributes the Avaddon ransomware. The JavaScript hides in the email as a “harmless” JPG photo that users can open. It doesn’t help that Windows still hides file extensions, despite this being a well-known security risk.
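The masking described above can be caught at the mail gateway. The following is an added example, not code from the newsletter or from any vendor: it assumes the lure arrives as an attachment (or a member of a ZIP attachment) whose name puts a decoy image extension before a script extension, and the extension lists, subject line and file names are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows will run when double-clicked (illustrative, not exhaustive).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".lnk", ".scr", ".exe"}
# Extensions a recipient expects to be harmless (illustrative, not exhaustive).
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc", ".docx"}

def is_masked_script(filename: str) -> bool:
    """True when the last (real) extension is executable and a decoy precedes it."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].lower().rstrip(". ")
    exts = ["." + p.strip() for p in name.split(".")[1:]]  # tolerate space padding
    return (len(exts) >= 2 and exts[-1] in SCRIPT_EXTS
            and any(e in DECOY_EXTS for e in exts[:-1]))

def scan_message(raw: bytes) -> list[str]:
    """Return attachment names (including ZIP members) that mask a script."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if is_masked_script(name):
            hits.append(name)
        elif name.lower().endswith(".zip"):
            try:
                with zipfile.ZipFile(io.BytesIO(part.get_content())) as zf:
                    hits += [f"{name}!{m}" for m in zf.namelist() if is_masked_script(m)]
            except zipfile.BadZipFile:
                hits.append(f"{name} (unreadable archive)")
    return hits

def build_sample() -> bytes:
    """Constructed sample message with inert placeholder attachments."""
    msg = EmailMessage()
    msg["Subject"] = "Do you like my new photo?"  # constructed subject line
    msg.set_content(";)")
    msg.add_attachment(b"// inert placeholder", maintype="application",
                       subtype="octet-stream", filename="IMG_0001.jpg.js")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IMG_0002.jpg.js", "// inert placeholder")
        zf.writestr("holiday.jpg", "not really an image")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="photos.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A name such as `report.min.js` is not flagged, because no decoy extension precedes the script extension; only the image-then-script pattern that hidden extensions make invisible to the user is reported.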



The operation behind the massive Avaddon attack is actively recruiting bad actors to help add to the ransomware mayhem. The recruitment includes paying hackers a percentage of the ransom payment as compensation for their assistance. Where the new ransomware will show up next, only Avaddon's creators know. As with many types of malware that endure over time, changes and improvements to the ransomware are expected.


Staying safe from Avaddon comes down to a predictable answer: avoid getting ransomware to begin with. Sensitive data is much safer when staff are regularly educated about the latest cyberthreats and what to do if they find themselves compromised. That also includes how to spot phishing emails before they’re opened and acted upon. Remember, it only takes one wrong click on a phishing email to launch a malware attack. Cyber-education is a great start, but more can be done to bolster ransomware protection.


The FBI and other institutions agree that refusing to pay any ransom is the best deterrent to future attacks. They claim that paying only encourages more ransomware strikes, and there’s no guarantee a hacker will provide the decryption key, as promised, if the ransom is paid. Finally, if data is regularly backed up, the ability to restore what was hijacked entirely avoids the need to pay a ransom demand.

