Follow-Up: Fraudulent Email Activity
On May 5, 2020, our Executive Director, Kathy Janzen, was the target of an email malware attack through her personal email account. During this attack, some of our members, and others, received spam fragments linked to previous email threads, with a new attachment embedded. If you have not already done so, delete this email message immediately.
ACPA has received a report from the IT Professional retained to review this matter. Below are some of the pertinent details as provided:
- Early on May 5, 2020, the URSNIF malware was activated on Kathy’s laptop, which transmitted malware-infected emails through existing email threads. Malware of this type relies on Windows (Vista or later), MS Office applications, and Outlook for "best" distribution.
- Review of the incident logs shows that some recipients appear to have received the infected spam email without an attachment. This would point to a botched re-use of the URSNIF malware.
- It doesn't appear that exfiltration of additional data occurred or continues beyond May 5, 2020.
- Malware prevention software has been updated on the laptop and will be monitored. Should there be a recurrence, a "complete reset" of the Windows 10 environment will be initiated.
URSNIF malware typically uses sophisticated methods to compromise targets by replying to legitimate email conversation threads, and not necessarily to all addresses in an address book. These malicious emails often deliver attachments containing first-stage droppers, which later download the URSNIF trojan, but this approach can vary depending on the malcontents’ editing of the malware code.
We have verified that the ACPA email accounts, membership data, payment information, server-database, and website information were not compromised during the malware attack.
ACPA recommends that when our members transmit confidential or personal information to the organization via email, this information should be within an encrypted or password-protected document attached to the email. Upon transmission, the sender should contact the intended recipient by phone or text to provide the decryption key. Please do not include the password in the email correspondence.
If you have any further concerns or questions about this matter, please contact the ACPA President. Thank you.