Just a few days ago we received an alert from Endesa, a Spanish electricity company, warning us of a new online scam targeting victims through fraudulent emails. The cyber-criminals send out fake invoices to Spanish users, using the Endesa name, and then the attack hits soon after. Unfortunately, the cyber-criminals were successful in their first attack and have expanded to other countries. It is very difficult to estimate the number of people who have received the email and who have fallen victim to this scheme.

In the past few hours, a similar attack has arisen. The state-owned electric company in Poland, PGE, has fallen into this cyber-criminal network, amplifying this attack-method to an international level. Just like the incidents in Spain, important and sensitive information, belonging to both companies and individuals, have been infected after opening an infected file with the supposed electricity bill (which is really high, by the way).

We are facing a massive fraud that has transcended borders with a very lucrative goal: forcing you to pay a ransom to reclaim your personal files.

In both cases, the campaign has worked in a very similar way: by sending false invoices using the name of an electricity company, while infecting the computers of naïve victims with a locky computer virus. Although the malware has only reached Spain and Poland, it’s quickly growing and your country could be hit next.  Here are some tips to help you combat this threat:

The Online Invoice Scam, Step-by-Step.

  1. In both of the analyzed cases, the email in question reaches the spam mailbox and in the subject box is the name of an electricity company that corresponds to the country.
  2. It appears as though the fake invoice is the same in both countries. After carefully analyzing the PGE situation, we see that the message may appear somewhat messy, with Polish characters inserted into the text at random.
  3. When the user wants to learn more about the factitious bill, they will click on the button with the text “See Your Invoice and Consumption” that appears below the energy consumption summary. But by then, it is too late. After clicking the fake button, the ransomware that is contained inside the Zip file is executed and a malicious Java code script begins to run on the system.
  4. In this case, the schemers continue to trick their target by asking them to complete a Captcha to gain access to the Zip folder. This makes users think that they are carrying out a safe action, but in reality, their cyber-security is being controlled by a very powerful ransomware.
  5. Once the malicious program has been executed, the user will be blocked from accessing personal files. Locky is an aggressive kidnapper and will only return the personal information once a ransom has been paid.

Endesa 3

Don’t fall into a Scam That Is Tailor-Made for You

Each time, there are more detailed and customized attacks. Their creators are getting away with their wrong-doings using the names of prestigious companies, making it easy to fall into this trap.

One thing is clear: if you are not protected against this type of ransomware, your personal and company files are at risk of being abducted.

Avoiding this situation will free you from paying a ransom and will prevent giving up important information and time to the internet’s predators. There is one solution on the market that is able to control any and all types of threats, including Cryptolocker: Adaptive Defense 360.

When you receive an electric bill, you should only worry about how much energy you have consumed. Here at Panda, we will continue on our mission to detect and neutralize all threats and protect all of our customers.