PARCA eNews – April 21, 2017 – Phishing security company PhishMe is reporting that the Locky ransomware that staged many of the ransomware attacks in 2016 has re-emerged with a PDF twist.
On its blog, the anti-phishing firm reports that the methods used to deliver the Locky payload are significantly different than in the previous version. The new version uses the Dridex malware in conjunction with a PDF document, which breaks from what IT security teams and potential victims expect this threat to look like.
The PDF attachments use a straightforward infection process. Opening the PDF prompts the recipient to give permission for the PDF reader application to open a second file. Clicking OK opens a second file extracted from within the PDF, which is a Word document with a macro script that downloads the Dridex payload. The bot then seeks out and encrypts a wide variety of valuable and mission-critical documents and files on the victim’s servers.
PhishMe cautions its customers to be wary of emails containing suspicious links or attachments. Specific to this sample, we recommend that customers be observant for unexpected emails with a password-protected attachment and the password within the body of the email.
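For mail-gateway or inbox triage, the delivery chain described above (a PDF that carries a second file and acts when opened) can be screened for by looking at the name keys the PDF format defines for attachments and automatic actions. The following is an added example, not code from PhishMe or from the original article; the function names, verdict strings and sample bytes are assumptions constructed for illustration.

```python
import re

# Real PDF name keys: attachments carried in the file, and actions that can
# fire on open. Their presence together is a triage signal, not a verdict.
EMBED_NAMES = {"EmbeddedFile", "EmbeddedFiles", "Filespec"}
AUTO_NAMES = {"OpenAction", "AA", "JavaScript", "JS", "Launch"}
NAME_RE = re.compile(rb"/([A-Za-z0-9#]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes; PDF lets /OpenAction be written /Open#41ction."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Scan raw PDF bytes for embedded-file and auto-action names."""
    names = {decode_name(m.group(1)) for m in NAME_RE.finditer(data)}
    embedded = sorted(names & EMBED_NAMES)
    auto = sorted(names & AUTO_NAMES)
    if embedded and auto:
        verdict = "hold for review"
    elif embedded or auto:
        verdict = "inspect"
    else:
        verdict = "no indicators"
    return {
        "is_pdf": b"%PDF-" in data[:1024],  # readers accept a late header
        "embedded": embedded,
        "auto": auto,
        # Object streams hide names from a raw scan; parse fully if present.
        "has_object_streams": "ObjStm" in names,
        "verdict": verdict,
    }


# Constructed samples (not real malware, not valid renderable PDFs).
SAMPLE_SUSPECT = (
    b"%PDF-1.5\n1 0 obj<</Type/Catalog/Names<</EmbeddedFiles 2 0 R>>"
    b"/Open#41ction 3 0 R>>endobj\n"
    b"3 0 obj<</S/JavaScript/JS (constructed placeholder)>>endobj\n"
    b"4 0 obj<</Type/EmbeddedFile>>stream\nplaceholder\nendstream endobj\n"
)
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj\n"

if __name__ == "__main__":
    for label, blob in (("suspect", SAMPLE_SUSPECT), ("plain", SAMPLE_PLAIN)):
        print(label, triage_pdf(blob))
```

Legitimate PDFs also carry attachments and open actions, so a hit is a reason to detonate or inspect the file in a sandbox rather than to block outright.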
Source: PhishMe is a cybersecurity company specializing in protection against Phishing attacks.