IRS Email Scam Distributes Rapid Ransomware

Emails masquerading as official correspondence from the Internal Revenue Service (IRS) are attempting to deliver a new variant of Rapid Ransomware to unsuspecting victims. According to My Online Security, emails associated with this campaign have subject lines such as “Please Note - IRS Urgent Message-164” and notify users in the body of the email that they are overdue on their real estate taxes by several months. Recipients are instructed to review a comprehensive report contained within an attached ZIP file, labeled Notification-[number].zip. Instead of containing the report, the ZIP file contains a Word document with embedded malicious macros. If these macros are enabled, they will download Rapid Ransomware onto the system. This variant appends .rapid to the names of encrypted files and opens several ransom notes in Notepad labeled recovery.txt.

The NJCCIC strongly recommends users avoid enabling macros unless they are aware of a specific reason why a document requires macros to run, and avoid clicking on links or opening attachments delivered with unexpected or unsolicited emails.
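A triage check for the delivery chain described above, as an added example (not code from the NJCCIC or My Online Security): it flags attachments named like Notification-[number].zip and ZIP members that are Word documents carrying a VBA project. The function names, the size cap and the sample member report.docm are assumptions made for the illustration, and the macro check is a heuristic.

```python
import io
import re
import zipfile

ATTACHMENT_RE = re.compile(r"^Notification-\d+\.zip$", re.IGNORECASE)  # name pattern from the advisory
WORD_EXTS = (".doc", ".docx", ".docm", ".dot", ".dotm")
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc container header
MAX_MEMBER = 20 * 1024 * 1024  # assumed cap so oversized members are not unpacked

def word_doc_has_macros(data: bytes) -> bool:
    """Heuristic: True if Word document bytes appear to carry a VBA project."""
    if data.startswith(b"PK"):  # OOXML documents are ZIP containers
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as doc:
                return any(n.lower().endswith("vbaproject.bin") for n in doc.namelist())
        except zipfile.BadZipFile:
            return False
    # Legacy OLE files store the VBA stream name as UTF-16LE text.
    return data.startswith(OLE_MAGIC) and "_VBA_PROJECT".encode("utf-16-le") in data

def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return findings for one mail attachment; an empty list means nothing matched."""
    findings = []
    if ATTACHMENT_RE.match(filename):
        findings.append("name matches Notification-[number].zip")
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings
    with archive:
        for info in archive.infolist():
            if info.is_dir() or not info.filename.lower().endswith(WORD_EXTS):
                continue
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                findings.append(f"could not inspect (encrypted or oversized): {info.filename}")
            elif word_doc_has_macros(archive.read(info)):
                findings.append(f"Word document with VBA macros: {info.filename}")
    return findings

def build_constructed_sample(with_macros: bool) -> bytes:
    """Constructed test input: a ZIP holding a minimal OOXML-like Word file."""
    doc, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(doc, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        if with_macros:
            z.writestr("word/vbaProject.bin", b"placeholder, not real VBA")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("report.docm", doc.getvalue())  # constructed member name
    return outer.getvalue()
```

A name match alone is a weak signal; the macro finding is the one worth quarantining on, and an encrypted member should be treated as uninspected rather than clean.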