Security Alert: Booking.Com Fake Emails Infect Computers with Sodinokibi Ransomware
Opening attachments will download and run a dangerous GandCrab strain
Last updated on February 22, 2021
A new spam campaign pretending to be from Booking.com is now targeting users. The emails carry a document containing macro code. If someone clicks on the document, opens it, and allows the execution of the macro code, a loader will be spawned.
The loader will then download and run ransomware of the Sodinokibi class.
How does the fake Booking.com email that infects you with ransomware work?
Your active Thor subscription will protect you from unwanted threats. However, if you check your email from other devices that are not protected by Thor, please be careful and double-check whether the messages you receive are legitimate.
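The following added example is not from the original article or its sources. It triages a raw email for the two traits described above: a sender display name that claims Booking.com while the address uses another domain, and an attachment that carries macro code. The function names, finding labels and the sample message are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container signature

def has_vba_macros(data: bytes) -> bool:
    """True if the bytes are an OOXML (zip) document that carries a VBA project part."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())

def triage(raw: bytes, brand: str = "booking.com") -> list:
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    # Display name claims the brand, but the sending domain is not the brand's.
    claims_brand = brand in display.lower().replace(" ", "")
    if claims_brand and domain != brand and not domain.endswith("." + brand):
        findings.append("brand-mismatch")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "unnamed"
        if has_vba_macros(data):
            findings.append("macro-attachment:" + name)
        elif data.startswith(OLE2_MAGIC):
            # Legacy OLE2 files can hold macros too; route them to deeper inspection.
            findings.append("legacy-ole-attachment:" + name)
    return findings

def build_sample(sender: str, with_macro: bool) -> bytes:
    """Constructed test message; the 'macro' part is a placeholder, not real VBA."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, "user@example.org", "Your reservation"
    msg.set_content("Please see the attached document.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="octet-stream", filename="reservation.docm")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample('"Booking.com" <billing@example.net>', True)))
```

A matching From domain does not prove a message is legitimate, since the header can be forged; treat an empty result as "no findings from these two checks" only.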
*This article features cyber intelligence provided by CSIS Security Group researchers.