New Ransomware Phishing Scheme

The public tends to picture cyber criminals as large-scale organisations that write complex code and then use sophisticated methods to release their attacks.  Not so!

ZDNet reported on a new ransomware phishing scheme for aspiring cyber criminals that lets them into the ransomware racket at no cost at all, but at a steep 50/50 split with the people who provide them with the malicious code.  We think that this split will not be a major hurdle and that this strain, which uses phishing with malicious attachments, will take off in the very near future.

This new ransomware phishing scheme is providing malicious software to affiliates for nothing in exchange for a big slice of any successful scores. The move represents another evolution in ransomware which could make it an even more dangerous threat, because criminals may be tempted to download it and launch a ransomware campaign as they don’t need to part with their cash to do so.

Victims are infected with the Dot ransomware through malicious phishing attachments which, when run, encrypt their files and open a ReadMe HTML file informing them that they need to pay a Bitcoin ransom in order to regain access to their data.

The scheme reared its ugly head in mid-February, and all a user needs to do to get started is access the download via the Tor browser and register a Bitcoin address.

Once this is done, the Dot criminal coders allow a download with a getting-started guide, including help on which file types to use to distribute ransomware, and hints about the level of ransoms to charge in which countries. They provide a dashboard to keep track of the number and status of infections, and the code is designed like normal modern software.

This warning item is courtesy of our friends at KnowBe4.