{"id":11996,"date":"2022-04-09T06:45:52","date_gmt":"2022-04-09T06:45:52","guid":{"rendered":"https:\/\/myonlinesecurity.co.uk\/?p=11996"},"modified":"2023-04-06T12:46:58","modified_gmt":"2023-04-06T12:46:58","slug":"wetransfer-random-name-at-your-own-domain-has-sent-you-a-file-malspam-delivers-cerber-ransomware","status":"publish","type":"page","link":"https:\/\/myonlinesecurity.co.uk\/wetransfer-random-name-at-your-own-domain-has-sent-you-a-file-malspam-delivers-cerber-ransomware\/","title":{"rendered":"WeTransfer Random Name At Your Own Domain Has Sent You A File Malspam Delivers Cerber Ransomware"},"content":{"rendered":"
An email with the subject of name@victim domain.tld has sent you a file via WeTransfer pretending to come from WeTransfer <noreply@wetransfer.com> with a link to download a zip attachment which downloads Cerber Ransomware. Luckily Cerber doesn\u2019t mass malspam in the same way that Locky does. These Cerber emails tend to be slightly more targeted ( spear Phishing ) at small business or organisations where IT might not be such a high priority or be so aware.<\/p>\n
They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers.<\/p>\n
WeTransfer has not been hacked or had their email or other servers compromised. They are not sending the emails to you. They are just innocent victims in exactly the same way as every recipient of these emails<\/p>\n
One of the emails looks like:<\/p>\n
From:<\/strong> WeTransfer <noreply@wetransfer.com><\/p>\n Date:<\/strong> Thu 30\/06\/2016 08:47<\/p>\n Subject:<\/strong> Scott.Byington@hedgehoghelp.co.uk has sent you a file via WeTransfer<\/p>\n Attachment:<\/strong> none ( email link )<\/p>\nBody Content<\/strong>:<\/h3>\n
\n