Friday, 3 July 2015

Ransomware Distributed Through Google Drive And Yandex Disk

Cyber criminals have started a new campaign in which they recreate the websites of ministries and energy companies and then spread ransomware through Google Drive and Yandex Disk. It is a campaign of the TorrentLocker ransomware, which according to the Japanese anti-virus company Trend Micro focuses primarily on UK Internet users.

The attack begins with an e-mail that seems to come from British Gas, the Ministry of Interior or the Ministry of Justice. Unlike many other ransomware attacks, the e-mail contains no attachment but a link that points to a convincing website. This site appears to be a copy of the original site of the energy company or ministry, and states that the user must enter a captcha, for example to see his energy bill.

According to the researchers, the captcha is probably used to avoid automated analysis by anti-virus companies and researchers. Once the captcha is completed, a zip file is downloaded. Previously these zip files were stored on the storage services SendSpace and MediaFire; now the cyber criminals use Yandex Disk and Google Drive.

To host the images used in the e-mails, the criminals use hacked websites. Trend Micro discovered a total of 800 hacked domains where the images were stored or which functioned as a redirect for the link in the e-mails.
