This Clever New Ransomware Attempts To Steal Your PayPal Credentials

This article is more than 5 years old.


Ransomware is by no means a new attack vector. Most people have heard of it and many individuals and businesses have already fallen victim to ransomware attacks, with some even paying hackers in the panic to unlock their data.

Of course, it goes without saying that paying the ransom isn’t a good idea. The UK’s National Cyber Security Centre (NCSC) has issued guidance around this, which we can come back to later.

But a new and major threat has confirmed ransomware is developing fast. According to Bleeping Computer, in-development ransomware has been discovered that tries to steal your PayPal credentials via a phishing attack in addition to encrypting files.

Discovered by the MalwareHunterTeam, the ransomware itself is unremarkable, but the ransom note is the clever part: it offers a choice to pay via PayPal as well as the usual Bitcoin route.

And the scam offers criminals a double whammy of benefits: People who choose to pay using the internet’s payment method of choice will be directed to a convincing-looking phishing site which will attempt to steal the victim's PayPal credentials.

But the PayPal phishing site doesn’t work exactly like the real thing. When users click on the “Buy Now” button, they are directed to the credit card part of the phish, skipping the login.

Once a victim submits their information, it is sent to http://ppyc-ve0rf.890m.com/s2[.]php, where personal information such as your address is stolen. The phishing page then tells the user their account is unlocked and they are redirected to the PayPal login page and prompted to log in.

Avoid becoming a victim

Like many other cyber-attacks, ransomware is becoming increasingly sophisticated and in this case, it’s even more lethal combined with another attack vector: phishing.

It’s not always possible to avoid being hit by ransomware, but if you are, some simple steps can help reduce its impact. The official advice is not to pay the ransom. For more information, the NCSC has published advice on mitigating against ransomware.

When it comes to avoiding the phishing side of this latest threat, people need to be careful what they click on and to double check the URL of any website that asks for personal information.

The premise is simple. In fact, Jake Moore, cyber security expert at ESET, says this phishing attempt “inherently uses classic techniques that have been used for years and can usually be overcome by educating users”.

He adds: “Targets will always need to be on guard when sent to a link and it’s vital they actively check the URL - especially when the phishing site looks very genuine.”
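The URL check advised above can also be automated, for example in a mail filter or a help-desk triage script. The following Python code is an added example, not part of the original article or of any vendor's tooling; the trusted-domain list, the function names and every sample URL other than the one reported above are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the only registrable domain accepted as genuine for PayPal pages.
TRUSTED_DOMAINS = {"paypal.com"}


def refang(url):
    """Undo common defanging (hxxp, [.]) so a reported indicator can be parsed."""
    return url.replace("[.]", ".").replace("hxxp", "http", 1)


def url_problems(url, trusted=TRUSTED_DOMAINS):
    """Return the list of reasons a URL should not be trusted with credentials."""
    problems = []
    parts = urlsplit(refang(url.strip()))
    host = (parts.hostname or "").rstrip(".").lower()

    if parts.scheme != "https":
        problems.append("not-https")
    # "https://www.paypal.com@other.host/" puts the brand name in the userinfo
    # field; the browser actually connects to other.host.
    if parts.username is not None or parts.password is not None:
        problems.append("userinfo")
    # Non-ASCII or punycode labels can render as look-alike characters.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        problems.append("idn-lookalike")
    # Match the whole host or a dot-separated suffix, never a bare substring:
    # "paypal.com.login.example" and "notpaypal.com" must both fail.
    if not any(host == d or host.endswith("." + d) for d in trusted):
        problems.append("untrusted-host")
    return problems


if __name__ == "__main__":
    samples = [
        "https://www.paypal.com/signin",            # constructed: genuine host
        "http://ppyc-ve0rf.890m.com/s2[.]php",      # URL reported in the article
        "https://paypal.com.login.example/signin",  # constructed: brand as subdomain
        "https://www.paypal.com@login.example/",    # constructed: userinfo trick
        "hxxps://xn--pypal-4ve[.]com/",             # constructed: punycode label
    ]
    for s in samples:
        print(s, "->", url_problems(s) or "ok")
```

A convincing page design does not affect any of these checks, which is why they look only at the scheme and hostname.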

Meanwhile, PayPal offers two factor authentication which, when turned on, can offer a vital extra layer of security should your password and username be compromised, Moore says.

However, he warns: “Another point to remember when using PayPal is to check your old security questions if you set them up years ago. It may in fact be possible for hackers to work these answers out through the power of open source research, which is a technique regularly used by attackers.”

More generally, Maor Hizkiev, CTO and Co-founder at BitDam, says users need to adopt a “vigilant and suspicious outlook” when receiving emails, particularly those that request their credentials and private information. In addition, he advises: “They should not click on any link or download or open a file unless they are sure that it is from a reliable source.”

The most sensible thing to do is not to give away personal details unless you are absolutely sure the site is legit. If it’s part of a wider ransomware attack, you’re safe to assume it’s probably not.