There’s a ransomware campaign going on called BazaCall. It’s been circulating for months, but Microsoft Security Intelligence is now publicizing its major points on Twitter with screenshots to help inform the average person of how to stay safe (via ZDNet).
Here’s how BazaCall works. First, you’ll receive an email saying a subscription service of yours is up for renewal, and you’ll be invited to call a phone number to cancel if you wish.
When you call, you’ll be told to go to a website and download an Excel file. That file contains the macro that gets the payload onto your machine, crippling you with ransomware.
It sounds like a dumb plot on paper, but in reality, decently written emails and full-on fake call centers can present the appearance of a legitimate operation to the gullible, uninformed, or inattentive. As Microsoft mentions in its tweet thread discussing BazaCall, the threat is made even more complex by the fact that there’s nothing overtly malicious in the emails themselves, making danger harder to detect.
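The point about the emails carrying nothing overtly malicious can be made concrete with a small triage heuristic. This is an added example, not code from Microsoft or from this article; the two sample messages are constructed, and the keyword lists and phone-number pattern are illustrative assumptions.

```python
import re
from email import message_from_string

# Constructed sample messages (not taken from the real campaign).
LURE = """\
From: billing@example.com
Subject: Your subscription renews today
Content-Type: text/plain

Your premium subscription will renew automatically for $89.99.
To cancel, call our support team at +1 (555) 010-0199.
"""

NEWSLETTER = """\
From: news@example.org
Subject: Weekly digest
Content-Type: text/plain

Read this week's articles at https://example.org/digest
"""

# Illustrative patterns (assumptions, tune for your own mail flow).
URL_RE = re.compile(r"(?:https?://|www\.)\S+", re.I)
PHONE_RE = re.compile(r"(?:\+?\d{1,3}[\s.-]?)?\(?\d{3}\)?[\s.-]?\d{3}[\s.-]?\d{4}")
BILLING_RE = re.compile(r"\b(subscription|renew(?:al|s|ed)?|trial|charged?|invoice)\b", re.I)
CALL_RE = re.compile(r"\b(call|phone|dial|contact)\b", re.I)

def triage(raw):
    """Return the signals found in one raw RFC 5322 message plus a verdict."""
    msg = message_from_string(raw)
    parts = list(msg.walk())
    # Subject plus every text/plain part, decoded to str.
    text = msg.get("Subject", "") + "\n" + "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in parts if p.get_content_type() == "text/plain")
    signals = {
        "has_url": bool(URL_RE.search(text)),
        "has_attachment": any(p.get_filename() for p in parts),
        "billing_wording": bool(BILLING_RE.search(text)),
        "asks_to_call": bool(CALL_RE.search(text)),
        "phone_number": bool(PHONE_RE.search(text)),
    }
    callback = signals["billing_wording"] and signals["asks_to_call"] and signals["phone_number"]
    # With no link and no attachment, URL and file scanners have nothing to score,
    # so the wording and the phone number are the only signals left.
    clean = not (signals["has_url"] or signals["has_attachment"])
    signals["verdict"] = "review: callback lure pattern" if callback and clean else "no callback pattern"
    return signals
```

Legitimate renewal notices match the same pattern, so the verdict is a prompt for review or a user-facing banner, not a block decision.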
The name BazaCall stems from the malware the campaign distributed in the beginning: BazaLoader. Though it’s been kicking around for a bit, it seems the efforts to spread ransomware are amping up as people get wise to classic tricks.
Today we’re dealing with harmless emails, con-job call centers, and dangerous Excel files. What happens tomorrow? Do fraudsters legally register and operate entirely legitimate businesses solely to have addresses and phone numbers for swindles on the side? Aside from the fact that that already happens, the point is that ransomware may seem like a foreign concern at the moment, but be ready: cybercriminals are working overtime to drag you into their net, no matter how elaborate a scheme such a victory requires.