According to Microsoft, there is a new malware scam targeting Microsoft Office users and has the potential to bankrupt a business. The malware is called BazarCall, and its goal is to deploy ransomware. Because it lacks tell-tale signs of malware, it is a challenge to identify. The BazarCall uses an elaborate email campaign that involves fake subscriptions, and fraudulent call centers. As a result, it is very easy to be tricked (Mayank Sharma, TechRadar, Microsoft says this new malware could bankrupt your business, June 24th, 2021, https://www.techradar.com/news/microsoft-says-this-new-malware-could-bankrupt-your-business). There have been a number of ransomware stories in the news lately, as the Colonial Pipeline ransomware case. But BazarCall targets Microsoft Office users. As a result, it poses an acute threat to small business owners due to the number of users. There is only one Colonial Pipeline, but millions (probably a lot more) of small business owners using Microsoft office. In this blog, first I’ll summarize how the BazarCall scam works. Then I’ll make some recommendations to help you protect against the BazarCall malware.
How the BazarCall Malware Scam Works
First, the BazarCall runs an email campaign. The email campaign sends subscription-themed emails encouraging recipients to call a phone number to cancel or renew a subscription plan. After calling this fake call center, recipients are asked to visit a malicious website and download a file designed to install malware. This BazarCall campaign is used to distribute BazarLoader malware that provides the attackers backdoor access to the infected computers. It is possible that this campaign is used to deliver other malicious software as well, but the end goal is to deploy ransomware. It should be noted, this is only one variation of a scam. There are multiple BazarCall campaign variants used to trick recipients into infecting their computers (Tomas Meskauskas, PCRisk, Do not call the numbers provided in the BazarCall email campaign, June 2nd, 2021, https://www.pcrisk.com/removal-guides/20922-bazarcall-bazacall-scam).
Run an Antivirus Scan or Forensic Malware Scan
If you are concerned that your network’s email has BazarCall sitting in it, you can run an antivirus scan or run a forensic malware scan. For the former, most businesses have Norton, McAfee, etc. For the latter, RB’s Computer Service has access to tools that take it a step further. For a forensic scan, don’t hesitate to contact RB’s Computer Service at 763-441-3884.
Microsoft Security Intelligence, or MSI, says that while Microsoft 365 Defender is equipped to identify and defend against such spurious emails, it is the lack of any tell-tale malicious elements in the emails that is currently proving to be a challenge. People cancel and renew subscriptions every day and add new ones sometimes by mistake. Nobody wants to pay for a subscription they don’t want, so when they get a compelling email from a trusted name or a look-a-like, it triggers a reason to contact the fake call center. But don’t fall for it. Next, avoid opening files downloaded from questionable websites, via Peer-to-Peer networks, third-party downloaders, and so on. It is safe to open files or use programs that were downloaded from legitimate pages and via direct links.
Another important thing is not to open files or website links in irrelevant emails that are received from suspicious or unknown senders. Quite often, emails of this kind contain malicious files, links designed to deliver malware. Finally, installed operating systems and software should be kept up to date (Tomas Meskauskas, PCRisk, Do not call the numbers provided in the BazarCall email campaign, June 2nd, 2021, https://www.pcrisk.com/removal-guides/20922-bazarcall-bazacall-scam).
If you don’t have a ransomware strategy or don’t know where to start, don’t hesitate to contact RB’s Computer Service today. The cost of a ransomware protection plan is a drop in the bucket compared to recovery costs or ransom payment. To devise a ransomware strategy, contact us via phone or email: 763-441-3884, help@rbsmn.com. In addition to ransomware strategies, RB’s Computer Service sells the best commercial-grade firewall routers, best laptop computers, best desktop computers, business computers, computer parts, and computer monitors. We also provide managed IT services, computer repair, iPhone and smartphone repair, and tablet repairs to customers and clients throughout central Minnesota and St. Cloud.