New Ransomware Encrypts Data And Steals Payment Info

There’s a new strain of ransomware being deployed with increasing frequency. Believe it or not, it’s even more dangerous than the strains we’ve seen in recent months.

Unlike other types of ransomware, this one not only encrypts your files and demands payment (which is bad enough), but also attempts to steal your credit card information via a PayPal phishing page included in the code.

Most of the ransomware we’ve seen will lock up your files and demand payment in Bitcoin. This one offers you the choice of paying the fee via PayPal and provides a “helpful” link to facilitate payment.

Unfortunately, the link in question doesn’t point to PayPal, but to a phishing site that the hackers control. The site tries to get you to enter your credit card information, along with your PayPal credentials. The page is a convincing copy of the PayPal payment screen, but the domain is definitely not PayPal. Most victims will be in such a rush to get their files unlocked that they won’t even think to look.
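What "looking at the domain" means in practice, shown as an added example that is not part of the original article: a Python check that accepts a payment link only when its host is paypal.com or a subdomain of it, and rejects the usual lookalike forms. The trusted-domain list, the function name and the sample URLs (with `.example` placeholder hosts) are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption for this example: the only domain accepted as genuine PayPal.
TRUSTED_DOMAINS = ("paypal.com",)


def check_payment_link(url):
    """Return (ok, reason) for a link that claims to lead to PayPal."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")  # hostname is lowercased
        has_userinfo = parts.username is not None or parts.password is not None
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not an https link"
    if has_userinfo:
        # https://paypal.com@other.example/ really goes to other.example
        return False, "text before '@' is not the host"
    if not host:
        return False, "no host in URL"
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host, possible lookalike"
    for domain in TRUSTED_DOMAINS:
        # Match the whole host or a dot-separated suffix, never a substring.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is not a trusted domain"


# Constructed sample links; none of them comes from the malware described here.
SAMPLES = [
    "https://www.paypal.com/signin",
    "https://www.paypal.com.secure-pay.example/signin",  # real host: *.example
    "https://paypal.com@secure-pay.example/signin",      # userinfo trick
    "https://notpaypal.com/signin",                      # substring, not suffix
    "https://p\u0430ypal.com/signin",                    # Cyrillic 'a' lookalike
    "http://www.paypal.com/signin",                      # no TLS
]

if __name__ == "__main__":
    for url in SAMPLES:
        ok, reason = check_payment_link(url)
        print("OK   " if ok else "BLOCK", ascii(url), "-", reason)
```
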

Of course, even after you hand over all the required information, no payment will be made. Instead, you’ll get a message that your PayPal account has been locked. By then it doesn’t matter: the hackers already have your financial information and can max out your credit card or drain your bank account, depending on the card information you provided.

This is the most sophisticated ransomware-based attack we’ve seen to date and is a clear sign of things to come. Based on the early success this new strain is enjoying, we can expect to see an increasing number of hackers employing similar tactics as the threat landscape continues to shift and evolve.

That’s bad news for IT security personnel, who are already struggling to stem the tide. Stay on your guard.