0

People, not employees or users, just ordinary people with no relation to us, have been getting scam emails, prompting them to open and download a link from Dropbox.

I think this link contains files that are infected with ransomware.

What should we do to mitigate this problem? We don't want our company to be associated with this scam. Are there any steps we could follow?

Our company is based in Norway.

sch
  • There's little you can do directly to stop this. I suggest contacting the cyber crime division of your country's police force. I would also add a page to your website that people can find explaining the situation in case these victims come to your site looking for info; explain you are not part of it and not to click any links. – iainpb Mar 06 '17 at 11:31
  • The term you're probably looking for is "ransomware". – S.L. Barth Mar 06 '17 at 11:31

1 Answer

4

In practical terms:

  • try contacting your local CERT/CSIRT/CIRT (https://www.cert.org/incident-management/national-csirts/national-csirts.cfm) and make them aware of the issue
  • make sure you have some information available for potential victims, that explains you are aware of the issue, and are trying to do something. Consider making this information visible in places like Facebook/Twitter/wherever else you think people might be going to find out what is happening to them
  • try contacting your local police and reporting a violation of your commercial trademarks (or whatever analogue for that might make sense)
  • try contacting Dropbox, and see if they can do anything about the link, and whether they might also be prepared to link to your public info about the issue (total shot in the dark, but you never know).
  • if you think there is a chance it could help, consider contacting the relevant Network Information Centers (France: https://www.afnic.fr/, Germany: http://www.denic.de/en/) and asking for their help. It doesn't sound like you are in the best position for that, but if the mails were trying to spoof/mimic your domain in some way, you might have some traction.

I suspect putting up a statement would be your first priority, as would be contacting Dropbox.

While I suspect (based partially on previous, somewhat similar experiences) you will have some difficulty with getting the police to take up your issue, I think that if you try and avoid pointing too much to the ransomware aspect, and focus on the commercial harm being done, you might at least be able to get a complaint recorded (this might be useful, or necessary, for the CERT to help).

The email itself is purporting to be an invoice from your company, so I do think you have pretty good grounds (I am not a lawyer, and even less so in Scandinavia) for reporting this as a commercial crime. This will probably not really help that much in practice, but is due diligence, and having a police complaint may be useful when dealing with other entities.

I think I would try and contact the local CERT first, if only because they might be able to help point you in the right direction with regards to recording a complaint with the police.

Do keep in mind, too, this sort of thing is far from uncommon, and all kinds of companies are regularly 'targeted' in this way - the ISC (https://isc.sans.edu) has some variation of this scam, often involving a big name multi-national, reported on most weeks.

iwaseatenbyagrue