
Cybercrime: unknown ransomware encrypts files and inserts the ransom note into each of them

Technical analysis by the Malware Hunter JAMESWT

An unknown ransomware encrypts the victim's files and inserts the ransom note into each of them. The malware spreads through a fake order email containing a link. Data from the infected computer is sent out via SMTP.

A fake order email carries an unknown ransomware. Clicking the green download button in the email contacts a URL, which downloads a zip file to the victim's computer.

The zip contains a JavaScript file that, if opened, creates and launches an executable. The executable infects the PC with the malware, which encrypts the files on it and leaves them in txt format; the attackers have also inserted the ransom note into each of these files.
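The delivery step above (a zip attachment whose only payload is a script that drops an executable) is the point where a mail gateway or endpoint agent can intervene cheaply. The following Python is an added example, not code from the analysis or from JAMESWT: it inspects a zip attachment in memory, flags members that would run code when double-clicked, and flags the double-extension trick (for example a name ending in `.pdf.js`). The `.js` case is what the article describes; the other script and executable extensions are a generalization of the same check, and the sample archive contents are constructed placeholders.

```python
import io
import zipfile
from dataclasses import dataclass

# Extensions the Windows shell hands to the script host or loader on
# double-click. The campaign used .js; the rest generalize the same check.
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


@dataclass
class Finding:
    member: str
    reason: str


def _split_ext(name: str) -> tuple[str, str]:
    """Return (stem, extension) of a path's basename, extension lower-cased."""
    base = name.rsplit("/", 1)[-1]
    if "." not in base:
        return base, ""
    stem, ext = base.rsplit(".", 1)
    return stem, "." + ext.lower()


def inspect_zip_attachment(data: bytes) -> list[Finding]:
    """Flag members of a zip attachment that would run code if the user opens them."""
    findings: list[Finding] = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        # A corrupt or non-zip attachment is reported rather than silently passed.
        return [Finding("<archive>", "not a valid zip archive")]
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            stem, ext = _split_ext(info.filename)
            if ext in SCRIPT_EXTENSIONS:
                findings.append(Finding(info.filename, f"script ({ext}) runs on double-click"))
            elif ext in EXECUTABLE_EXTENSIONS:
                findings.append(Finding(info.filename, f"executable ({ext})"))
            # "Order.pdf.js": a second extension hides the real file type from the user.
            if "." in stem and (ext in SCRIPT_EXTENSIONS or ext in EXECUTABLE_EXTENSIONS):
                findings.append(Finding(info.filename, "double extension disguises the real type"))
    return findings


def should_quarantine(data: bytes) -> bool:
    """Policy: any flagged member is enough to hold the message for review."""
    return bool(inspect_zip_attachment(data))


def build_sample_zip(members: dict[str, bytes]) -> bytes:
    """Build a constructed sample attachment in memory; contents are inert placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: a disguised script next to a harmless text file.
    sample = build_sample_zip({
        "Order_4921.pdf.js": b"// placeholder, not the real dropper\n",
        "readme.txt": b"harmless text\n",
    })
    for f in inspect_zip_attachment(sample):
        print(f"{f.member}: {f.reason}")
    print("quarantine:", should_quarantine(sample))
```

The check is deliberately based on member names rather than content, so it runs before any decompression of the payload; a gateway that also wants to catch renamed scripts would pair it with a content sniff of each member.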

The ransomware also sends data from the infected computer via SMTP.

The main domain is currently still active, but it redirects to links that have been disabled by Orange.

[Figure: the links contacted to download the zip file]
