04-09-2016 , 02:13 PM
Ransomware is one of the most prevalent security threats at the moment, and each week there are new examples that up the ante a little more. In recent months we have seen cross-platform ransomware, Tesla 4's unbreakable encryption, and the MBR-overwriting antics of PETYA, but a new phishing scam takes another approach.
In a cleverly orchestrated campaign, a phishing scam is doing the rounds in which malware meets social engineering in a bid to extract cash from victims. It marries the file-encrypting Maktub ransomware with a thinly veiled threat: the victim's home address. Quoting victims' home addresses to them serves two purposes: it lends authenticity to the phishing email, and it acts as additional leverage by raising the fear level.
Andrew Brandt from security firm Blue Coat explains that victims receive emails informing them that they owe large sums of money to various businesses. To make the phishing scam seem genuine, victims are advised that hard copies of invoices will be sent to their home address -- which is listed in the email -- but a link purports to provide instant access to the documents. Of course, clicking the link is a mistake.
Speaking to the BBC, Brandt said that the speed with which the ransomware strikes is terrifying:
"It's incredibly fast and by the time the warning message had appeared on the screen it had already encrypted everything of value on the hard drive -- it happens in seconds."
There have been suggestions that the addresses were gathered from eBay accounts, but eBay denies this. What is clear, however, is that considerable thought has gone into this ransomware campaign, which is all about getting people to pay up.
As with other instances of ransomware, pressure is put on victims to pay the ransom to decrypt their files sooner rather than later. Pay within three days, Maktub promises, and the fee is 1.4 Bitcoins (around $588), but leave it a while and this increases to 3.9 Bitcoins (around $1638). The ransomware threatens that if it is ignored for more than two weeks encrypted data could be rendered completely unrecoverable.