Security Protection – Harry Waldron MVP

Malware – Cryptolocker attack uses fake Australian Electric Bill

Cryptolocker is a highly destructive attack that can permanently encrypt files so they cannot be recovered without paying for a key to unlock them. This new attack is well described and realistic enough to trick some users.

https://isc.sans.edu/forums/diary/Fake+Australian+Electric+Bill+Leads+to+Cryptolocker/18185

https://www.virustotal.com/en/file/ad9692b0d589faf72121e4c390138dfe872fe913f73dd1edb699e60bab38f875/analysis/

QUOTE: The e-mail claims to come from “Energy Australia”, an actual Australian utility company, and the link leads to a malicious site with similar name. The first screen presented to the user asks the user to solve a very simple CAPTCHA. This is likely put in place to hinder automatic analysis of the URL. The “bill” itself is a ZIP file that includes a simple ZIP file that expands to an EXE. Virustotal shows spotty detection. Once downloaded and unzipped, the malware presents itself as a PDF. But then, as soon as the malware is launched, it does reveal its true nature.
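A gateway-side check for the delivery chain in the quote above (a ZIP that contains a ZIP that expands to an EXE), as an added example that is not from the original post or the SANS diary. The function names, the depth and size limits, the extension list and the sample archive are assumptions constructed here.

```python
import io
import os
import zipfile

EXEC_EXTS = {".exe", ".scr", ".com", ".pif"}  # assumption: extensions to block
MAX_DEPTH = 3           # assumption: stop after three levels of nested archives
MAX_MEMBER = 50 << 20   # assumption: do not unpack members declared over 50 MiB


def find_executables(data, path="", depth=0):
    """Return (member_path, reason) for each executable inside ZIP bytes."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = f"{path}/{info.filename}" if path else info.filename
            if info.flag_bits & 0x1:  # encrypted member cannot be inspected
                hits.append((name, "encrypted, not inspected"))
                continue
            if info.file_size > MAX_MEMBER:
                hits.append((name, "too large, not inspected"))
                continue
            body = zf.read(info)
            ext = os.path.splitext(info.filename)[1].lower()
            if body[:2] == b"MZ":  # DOS/PE magic, whatever the file is named
                hits.append((name, "PE header"))
            elif ext in EXEC_EXTS:
                hits.append((name, "executable extension"))
            elif depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(body)):
                hits.extend(find_executables(body, name, depth + 1))
    return hits


def make_zip(members):
    """Build a ZIP in memory from {name: bytes}; used for the sample only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member_name, body in members.items():
            zf.writestr(member_name, body)
    return buf.getvalue()


def build_sample():
    """Constructed sample: outer ZIP -> inner ZIP -> stub with an MZ magic."""
    inner = make_zip({"bill.exe": b"MZ" + b"\x00" * 62})  # inert stub bytes
    return make_zip({"bill_inner.zip": inner, "readme.txt": b"constructed"})


if __name__ == "__main__":
    print(find_executables(build_sample()))
```

Because the check reads each member's first bytes instead of trusting its name or icon, a file that presents itself as a PDF is still reported when it starts with the `MZ` magic.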
