Last week, DocuSign acknowledged that they were a victim of a data breach which has now resulted in DocuSign-related malware attacks. Ransomware and other malware may be hidden in files disguised as DocuSign-ready attachments.
Although DocuSign users may be the primary targets of these campaigns, you need not be a DocuSign user to receive a tainted email. ANYONE could get one of these infected attachments. All users should be suspicious of any email with the following subject lines, or something similar.
- Completed: [domain name] – "Wire transfer for recipient-name Document Ready for Signature"
- Completed [domain name/email address] – "Accounting Invoice [Number] Document Ready for Signature"
- Subject: “Legal acknowledgement for [recipient username] Document is Ready for Signature”
Do not open an email with one of these subjects; instead, DELETE the email without opening it.
These emails usually have Word or pdf documents as attachments. When you click on an infected attachment, malware is activated and attacks your computer and all connected devices and drives on the network. The DocuSign-related campaigns have used variants of Cryptolocker in ransomware attacks that encrypt all the files on a workstation and attached network drives and demand a ransom payment to release the encryption password to the user.
Think Before You Click
A sample infected email is below. Notice that here is no way of knowing if is legitimate or not from the email itself. If you are even 1% uncertain of the legitimacy of an email, pick up the phone and verify with the person who sent it to you, or contact your IT department BEFORE opening the attachment.
What Can I Do?
The only defense against these dangerous campaigns is awareness. Increase awareness and vigilance across your organization through quality user training. Training reminds staff to maintain a high level of suspicion about unexpected emails, and teaches staff the appropriate actions to take when they suspect malicious intent. Hilltop has strategic partnerships with highly respected security solution providers to help in the ongoing effort to protect against threats of this nature. We will ensure your staff members are trained and your systems are monitored for attacks of this kind.