Tuesday 9 June 2015

CV Ransomware Spreading Through Double Zip File

How It Works
The use of CVs and zip files has long been a successful method for cyber criminals to distribute ransomware and other malware, but researchers from Cisco recently discovered an attack in which two zip files were used.

The attack begins with an email that claims to be a response to a previous mail and contains an attached zip file. The zip file contains no resume, but an HTML file. This HTML file refers to a hacked WordPress page with an iframe. This iframe points back to Google Drive, from which the second zip file is downloaded. The content of this second zip file is a .scr file that is actually the CryptoWall 3.0 ransomware.

This ransomware then encrypts all kinds of files on your computer and demands a certain amount to decrypt them. According to Cisco, cyber criminals are very successful in bypassing various security solutions with this kind of trick, along with the use of macros and password-protected zip files.
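A defender-side attachment check for the chain described above, added here as an illustration and not taken from the post or from Cisco's research: it walks a zip attachment in memory and flags HTML that loads a remote frame, directly runnable entries such as .scr, encrypted entries, and nested archives. The finding labels, extension list, size cap and `example.invalid` URL are assumptions, and the two samples are constructed with harmless placeholder bytes.

```python
import io
import os
import zipfile
from html.parser import HTMLParser

RUNNABLE = {".scr", ".exe", ".com", ".pif", ".js", ".vbs"}  # .scr is the type named in the post
MAX_BYTES = 5 * 1024 * 1024  # assumed cap so a decompression bomb is never expanded

class RemoteRefs(HTMLParser):  # collects remote URLs loaded through frames or scripts
    def __init__(self):
        super().__init__()
        self.urls = []
    def handle_starttag(self, tag, attrs):
        src = (dict(attrs).get("src") or "").strip().lower()
        if tag in ("iframe", "frame", "script") and src.startswith(("http://", "https://", "//")):
            self.urls.append(src)

def triage_zip(data, depth=0):
    """Return sorted findings for a zip attachment passed as bytes."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["not-a-zip"]
    findings = set()
    with zf:
        for info in zf.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in RUNNABLE:                 # names stay visible even when encrypted
                findings.add("runnable:" + ext)
            if info.flag_bits & 0x1:            # encrypted entry: content cannot be read
                findings.add("encrypted-entry")
            elif info.file_size > MAX_BYTES:
                findings.add("oversized-entry")
            elif ext in (".htm", ".html"):
                parser = RemoteRefs()
                parser.feed(zf.read(info).decode("utf-8", "replace"))
                if parser.urls:
                    findings.add("html-remote-frame")
            elif ext == ".zip" and depth < 3:   # nested archive: recurse, bounded depth
                findings.update(triage_zip(zf.read(info), depth + 1))
    return sorted(findings)

def make_zip(name, body):  # builds the constructed samples below in memory
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, body)
    return buf.getvalue()

STAGE1 = make_zip("resume.html", b'<html><iframe src="http://example.invalid/p"></iframe></html>')
STAGE2 = make_zip("resume.scr", b"placeholder bytes, not an executable")
```

A mail gateway or triage script would treat any non-empty result for a "resume" attachment as grounds for quarantine and manual review.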



Hashes:

Zip Files:

Cryptowall 3.0:
