Employees targeted with Bitcoin ransom phishing attack


09 June 2014

PhishMe uncovers evidence of malware stored in Dropbox

Security vendor PhishMe has warned corporate employees who use Dropbox to take extra precautions against phishing, in the wake of new data showing that cybercriminals are sending out emails with malicious links to the popular file-sharing service.

PhishMe has uncovered evidence of a new ZIP file on Dropbox containing a screensaver, which is actually ransomware similar to CryptoLocker. Users are tricked into clicking on the link because it is disguised to appear to point to an invoice, a fax report or a message.

As soon as the user clicks on the link to the ZIP file, the screensaver file inside launches the malware that encrypts files on the user's hard drive.

The user is then shown a page in their default browser demanding $500 in Bitcoin as ransom, to be paid into the criminals' electronic wallet; the demand doubles to $1,000 after a certain amount of time has elapsed. The ransom demand and payment transactions are conducted over the Tor anonymity network.

About 20,000 files are estimated to have been encrypted so far, including documents, archive files, executables and JPEGs.

A random examination of three of the attackers' wallets by PhishMe revealed that at least $62,000 in ransom payments had been collected.
PhishMe's own employees also received the phishing emails, which is how the company discovered the scam.
