New Herbalife Ransomware Attack

Nick Santora | September 20, 2017

A new kind of ransomware is aggressively spreading across the world and it looks like an Herbalife order, as recently discovered by Barracuda malware research. Apparently, Barracuda systems have blocked over 27 million of the emails, and the attacks continue to grow. This is not the first time we have seen a massive global ransomware attack, but this is spreading rapidly.

What does the Herbalife Ransomware email look like?

The attacks look like they are coming from Herbalife Nutrition after placing an order. The domain is spoofed and they are targeting unexpected victims to open an email attachment. The subject will look like you received an order notification from Herbalife and then the body of the email asks you to open the attachment. The attachment will then infect the machine and install the ransomware. The attack is using a variant of the Locky ransomware and is quickly spreading throughout the world, with most attacks originating from Vietnam.

What can I do to prevent this?

If you are a Barracuda email security customer or Advanced Threat Protection customer, you are protected from this attack. For everyone else, do not open any email attachments resembling this attack or any other email attachments coming from unknown senders. It is crucial that you educate your employees with an effective security awareness training program so they can identify the risks associated with ransomware. Every employee in your organization is a target and are critical to help defend against ransomware threats.

Watch Curricula’s free security awareness training episode and help keep your businesses protected from ransomware attacks.

Watch Free Episode

Author: Nick Santora
  • Nick Santora

CISSP, CISA, Chief Executive Officer of Curricula.