Cyberattackers are using the Colonial Pipeline ransomware attack to their advantage by leveraging further phishing attacks. Cybersecurity firm INKY reported that it recently received multiple helpdesk emails about the campaign, which follows a typical phishing trend of using widely-covered news events to lure victims into clicking malicious emails and links. INKY customers reported that they received emails discussing the ransomware attack on Colonial Pipeline and prompting them to download a ransomware system update. The email insisted that the download would prevent their organization from suffering from a cyberattack such as the one that targeted Colonial Pipeline. However, the emails were fraudulent and the link leads victims to download malware instead.

The links take users to websites with legitimate-sounding names, such as selectivepatch.com. The same domain that delivered the emails also controlled the links, according to INKY. The fake pages donned logos and images from the target company to be more convincing. The download button actually downloads a Cobalt Strike file onto the user’s computer, rather than ransomware protection software. INKY states that the phishing attack began to circulate after it was revealed that Colonial Pipeline paid millions to the REvil ransomware group to restore its systems.

Read More: Hackers use Colonial pipeline ransomware news for phishing attack