Fake Telenor Ransomware Campaign

Today, a malicious email campaign was launched, targeting Norwegian entities. We have seen a large amount of these malicious mails addressed to our employees, customers and partners, and we would like to discourage you from interacting with this email.


The email itself visually appears to be from Telenor, with the subject line “Faktura Fra Telenor Norge AS, Mobil “. It has a payment date close to the future (10th of February), which is there to cause stress so you don’t think twice before clicking the links. The links will however send you to a malicious site, which aims to infect your computer with a ransomware. The ransomware will encrypt any file it has write access to (even open shared file systems), and then demands payment in order to make the files readable again.

In order to better secure your organisation against these types of threats we advise you to look at our article about this, which can be found here: Basefarm Ransomware Information

Further information about this specific attack:
Telenor Twitter
Dinside