August 10, 2016
Between August 3 and August 9, security firm Proofpoint says it detected hundreds of thousands of spam email messages spreading the CrypFile2 ransomware, mainly to US-based government agencies and educational institutions.
The campaign started very strong, with Proofpoint saying it detected hundreds of thousands of messages on the first day. The spam flood seems to have died down during the following days, but the security vendor claims it still detected thousands of messages each day until August 9.
Attackers targeted US government agencies
Most of these spam emails were sent to email addresses belonging to state and local government agencies, followed by K-12 educational institutions.
Attackers also targeted other verticals, but to a lesser degree than these three. These include organizations from the healthcare sector, post-secondary educational institutions, telecommunications companies, insurance companies, and technology firms.
What was strange about this campaign was the presence of a relatively unknown piece of ransomware, first spotted last March.
The ransomware is called CrypFile2 and is part of the CrypBoss ransomware family, just like HydraCrypt and UmbreCrypt. Unlike those two, which have been decrypted, CrypFile2 has not been cracked by security researchers yet.