A ransomware campaign that bolsters its attack success rate with added phishing has been discovered.
The ransomware, found by MalwareHunterTeam, locks a victim’s computer before instructing them to pay a ransom fee via PayPal. To obtain the decryption key, victims can follow the link to the PayPal phishing page, where their login credentials are stolen.
MalwareHunterTeam said: “Clicking on the ‘Buy Now’ button, it directs to the credit card part of the phish already (skipping a log-in request). After filling and clicking ‘Agree’ comes the personal info part, and then finished,” the team tweeted. Once the payment has been made, the victim receives a confirmation, the team explained.
Victims who opt to pay with Bitcoin are also asked to send culprits an email with a reference number, which is provided in the ransom.
Corin Imai, senior security adviser at DomainTools, said: “Malicious actors are continually becoming more sophisticated. With this particular campaign involving phishing as an immediate follow-up threat vector to the ransomware, this attack has the potential to cause significant harm.”
Not only will victims be dealing with the impact of ransomware, but many will also be directed to a carefully crafted phishing site that will attempt to steal their credentials, Imai noted.
She said: “As seen in past attacks, ransomware campaigns have targeted individuals with the threat of releasing compromising content or rendering their computers useless, leaving victims feeling that they have no choice but to pay up. The best advice in this scenario is to be hyper-vigilant, double-check URLs, and when in doubt, don’t click.”