How It Works
The attack begins with an email that claims to be a reply to an earlier message and carries an attached zip file. The zip file contains not a resume but an HTML file. This HTML file refers to a hacked WordPress page with an iframe. The iframe points back to Google Drive, from which a second zip file is downloaded. That zip file contains a .scr file that is actually the CryptoWall 3.0 ransomware.
The ransomware then encrypts all kinds of files on your computer and demands a certain amount of money to decrypt them. According to Cisco, cyber criminals using this kind of trick, along with macros and password-protected zip files, are very successful in bypassing various security solutions.
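A defender-side triage of the delivery chain described above, as an added example that is not part of the original post: it inspects a zip attachment for HTML files that reference remote URLs, executable entries such as .scr, and encrypted entries that cannot be scanned. The function names, the extensions other than .scr, and the example.test host are assumptions, and the sample archives are constructed.

```python
import io
import re
import zipfile

# Assumption: only .scr comes from the article; the other extensions are illustrative.
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com")
URL_RE = re.compile(rb"https?://[^\s\"'<>]+", re.I)


def triage_zip(data):
    """Return a list of findings for one zip attachment given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = info.filename.lower()
            if info.flag_bits & 0x1:
                # Encrypted entry: content cannot be scanned without the password.
                findings.append(f"encrypted:{info.filename}")
                continue
            if name.endswith(EXECUTABLE_EXTS):
                findings.append(f"executable:{info.filename}")
            elif name.endswith((".html", ".htm")):
                body = zf.read(info)
                urls = sorted({u.decode("ascii", "replace") for u in URL_RE.findall(body)})
                for url in urls:
                    findings.append(f"html-remote-ref:{info.filename}:{url}")
                if b"<iframe" in body.lower():
                    findings.append(f"html-iframe:{info.filename}")
    return findings


def build_zip(members):
    """Build an in-memory zip from a dict of constructed sample members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed samples; example.test is a placeholder host, not an indicator.
STAGE1 = build_zip({"my_resume.html":
    b'<meta http-equiv="refresh" content="0;url=http://blog.example.test/wp-content/page.html">'})
STAGE2 = build_zip({"resume.scr": b"MZ constructed placeholder, not a real binary"})
BENIGN = build_zip({"resume.txt": b"Plain text resume"})

if __name__ == "__main__":
    for label, sample in (("stage1", STAGE1), ("stage2", STAGE2), ("benign", BENIGN)):
        print(label, triage_zip(sample))
```
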
Hashes:
Zip Files:
Cryptowall 3.0: