
Latest Ransomware Techniques: BazaCall

Ransomware is the most dangerous cyber attack facing organisations at this time. A new technique for infecting systems has been gaining traction recently, and it doesn’t use links or attachments, so it is much more difficult for email security systems to block or for staff to recognise as dangerous. Known as BazaCall, it uses telephone calls to trick staff into opening a malicious document. In the initial part of the scam, employees of the target company receive an email saying that their trial subscription for a service has expired and their credit card will soon be charged. The idea is to make the receiver confused and angry about why they’re paying for something they haven’t requested. The email encourages the receiver to call a number in order to cancel the payment.

If the victim calls the number, they will be put through to a call centre that appears to belong to the company sending the email. The call centre agent will encourage the victim to visit the company’s website, which then prompts them to download an Excel spreadsheet in order to process the cancellation. Because this is done over the phone, the call centre agent can use social engineering techniques to convince the victim that the process is legitimate. Once the spreadsheet is downloaded, the victim is encouraged to open the Excel document and click the Enable Content button (the yellow prompt that appears below the ribbon, as shown below):

Once the victim clicks the Enable Content button, a malicious macro will run that downloads the ‘BazaLoader’ malware, which grants the cybercriminal complete control of the victim’s computer. From there, they can either steal data or install ransomware that can then spread to the company network.
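The attack chain above only works if the Enable Content bar is shown and the user can click it. Office exposes policy settings that block macros in files downloaded from the Internet outright and disable unsigned macros without any prompt. The following PowerShell script is an added example, not Falanx Cyber’s code or a tool named on this page; it audits those two settings for Excel and Word under the Office 16.0 policy hive and, with the `-Enforce` switch (a name chosen for this example), sets them to the hardened values.

```powershell
# Added example (not Falanx Cyber's code): audit and optionally enforce the Office
# macro policies that remove the Enable Content path BazaCall relies on.
# Assumptions: Office 2016/2019/365 (registry version 16.0), per-user policy hive;
# the -Enforce switch and the list of applications are choices made for this example.
param([switch]$Enforce)

# Office applications to check; add others (e.g. 'powerpoint') if they are in use
$apps = @('excel', 'word')

# Desired state for each application:
#   blockcontentexecutionfrominternet = 1 -> macros in files marked as downloaded from
#                                            the Internet are blocked; no yellow bar appears
#   VBAWarnings = 4                       -> disable all macros without notification
#   (use 3 instead if business processes depend on digitally signed macros)
$desired = [ordered]@{
    blockcontentexecutionfrominternet = 1
    VBAWarnings                       = 4
}

foreach ($app in $apps) {
    $path = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"

    foreach ($name in $desired.Keys) {
        $want    = $desired[$name]
        $current = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

        if ($current -eq $want) {
            Write-Output "[OK]    $app $name = $current"
            continue
        }

        $shown = if ($null -eq $current) { 'not set' } else { $current }
        Write-Output "[WEAK]  $app $name = $shown (want $want)"

        if ($Enforce) {
            # Create the policy key if no policy has ever been applied to this app
            if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
            New-ItemProperty -Path $path -Name $name -Value $want -PropertyType DWord -Force | Out-Null
            Write-Output "[FIXED] $app $name set to $want"
        }
    }
}
```

Run it without arguments to report the current state of each setting; run it with `-Enforce` to write the hardened values. In a managed estate the same two settings are normally delivered through Group Policy (the “Block macros from running in Office files from the Internet” and “VBA Macro Notification Settings” policies), in which case this script is useful as a compliance check on individual endpoints rather than as the enforcement mechanism.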

From a criminal perspective, this technique has several advantages. It bypasses the need for a link or attachment, which makes it much more likely the email will be successfully delivered to the victim. It also allows the criminals to use social engineering techniques on the victim if they do call the number, reassuring them that it is OK to bypass any security prompts. In order to stop cybercriminals from being able to conduct this attack, Falanx Cyber offer two main solutions. Our Managed Endpoint Detection and Response service (M-EDR) is a more advanced version of anti-virus that works alongside your existing anti-virus solution and protects you against these more sophisticated threats. Our flagship Triarii Managed Detection and Response (MDR) not only includes the M-EDR service but is also able to detect abnormal and dangerous activity anywhere on your network, prevent it from encrypting files, stop the criminal extracting data, and block many of the methods an attacker would use to breach the defences.

Contact us now for more information.