In an evolution of the usual infection, a new ransomware has been discovered that not only encrypts your files, but also tries to steal your PayPal credentials with an included phishing page. The ransomware itself is nothing special, but the ransom note is clever as it not only tries to steal your money through a normal bitcoin ransom payment, but also offers a choice to pay via PayPal. If a user chooses to pay using PayPal, they will be brought to a phishing site that will then attempt to steal the victim’s PayPal credentials.
Expert Comments below:
Corin Imai, Senior Security Advisor at DomainTools:
“It is unsurprising to see two well-known cybersecurity attack vectors combining. As ransomware-as-a-service and phishing kit offerings have become easily available for even non-technical users on the dark web, it was only a matter of time before a threat actor tried to kill two cyber-birds with one stone, doubling their potential earnings with minimal effort. The advice for both phishing and ransomware remains the same: If you fall victim to a ransomware attack do not pay the ransom, and always check the authenticity of a website before inputting any personal or financial details to avoid falling victim to phishing, especially if you’re directed to the website via a ransomware infection!”
Maor Hizkiev, CTO and Co-founder at BitDam:
“This technique aims to maximise the ROI for the attacker. Once the victim falls into the trap and pays the initial ransom, they will also be duped into providing their PayPal credentials, which will profit the attacker even further. This kind of attack demonstrates that once an attacker gains control, there is no limit to what they can do and how much money they can steal.
The best thing for a user to do is to try and prevent this attack from happening in the first place. To some extent this can be achieved with education. For example, users should never open a file/link that they are not familiar with. However, the most comprehensive approach is to apply an advanced security solution which prevents attacks from reaching the user’s device in the first place. By stopping the attack at source, the risk attached to the user being exposed to the scam is totally eradicated and their money and details are protected.”
Jake Moore, Cyber Security Expert at ESET UK:
“Checking the finer details in emails may sound time-consuming but when you’ve just been hit with a ransomware attack, every minute must feel like an hour. As well as checking the URLs on any unexpected emails, it’s imperative that you include two-factor authentication on all accounts, but especially those connected to finances. Also, it’s a good idea to check your security questions and answers in PayPal as these may have been input many years ago and it’s possible that hackers can use open source research to find these answers.”