HQ/EMEAFind out how we can help your business
Mozilla, the organisation behind the well-known Thunderbird email client, has released an advisory regarding the fake Thunderbird downloads a hacking group has leveraged to spread ransomware.
The advisory came after the exposure of the illegal actions of the Snatch ransomware group. Based on reports, the website linked to the Snatch group had suffered a data leak, revealing sensitive information that included victim names, visitor IP addresses, and insights into the group’s internal operations.
One of the most intriguing aspects of the leak is that the Snatch group had been leveraging paid Google advertisements to spread their malware strains. Moreover, the group disguises their software using trusted apps like Adobe Reader, Discord, Microsoft Teams, and Mozilla Thunderbird.
Mozilla emphasised the term ‘ransomware alert’ in their advisory regarding fake Thunderbird downloads.
Mozilla explained that these fake Thunderbird downloads could come from malicious apps from unverified sources. Hence, the organisation urges everyone to acquire or download Thunderbird only from trusted websites or authorised app stores. The primary objective of these reminders from Mozilla is to protect its users from the hackers’ ransomware attacks.
Unfortunately, the true challenge for Mozilla is the location of the malicious websites that host these fake Thunderbird downloads. Most of these sites that endorse fake Thunderbird apps come from Russia, making takedown difficult. This detail indicates that Mozilla needs international cooperation to address the situation.
This incident could also impact many individuals and organisations that rely on the application. They should not underestimate the threat posed by the Snatch ransomware group since even a tiny percentage of Thunderbird users could result in significant potential damages.
On the other hand, the severity of the issue has prompted the United States government to release an alert recently. The government has warned critical infrastructure organisations about the ongoing Snatch ransomware attacks.
Therefore, users should remain vigilant when downloading applications, especially from unreliable and third-party sources. Organisations, governments, and individuals should work together to report these activities to create a healthy environment that could counteract cybercriminal threats like the new Snatch ransomware campaigns.
