A new breed of ransomware scammers is arriving on the scene

We were recently doing some security consulting for clients when we caught a new breed of ransomware scammers arriving on the scene.
This breed mostly attacks small to medium-sized companies that sell something.

This problem can be easily solved.
Windows users can download the free CyberByte antivirus solution by clicking the banner below. The free antivirus will help you find out whether your PC is infected. CyberByte's free antivirus for Windows is award-winning malware detection software.

Mac / MacOS / OS X users can download the free CyberByte Mac antivirus solution by clicking the banner below. The free antivirus will help you find out whether your Mac is infected. CyberByte's free antivirus for MacOS / OS X is award-winning malware detection software. The free antivirus for Mac is available for new MacOS versions and older OS X versions.

Features of CyberByte™ antivirus:

  • Protects you from all kinds of threats
  • CyberByte™ custom detection engine includes Mac and Windows malware protection and detection
  • Fastest scanning times in the market
  • Crypto Mining rogue extensions/malware detection
  • Ransomware detection - don’t negotiate with ransomware cyber terrorists – keep your Mac and Windows safe
  • Active live protection from background
  • Certified Threat Detector by OPSWAT
  • Easy to Install
  • Easy to Manage
  • Incredible value for money

Invisible, protecting you from behind the scenes - You will not feel it is installed on your computer, easy on the resources, like a protection software should be.

Original technology that combines behavioral heuristic analysis with a powerful signature database – the CyberByte™ Protection Engine delivers top of the line protection in an instant.

Fastest scanning times in the market – your time is precious, but also so is your digital life – CyberByte™ delivers fast scanning saving both time and your valuable data.

Don’t negotiate with ransomware cyber terrorists – keep your Mac safe and don’t ever end up paying for what is already yours.

Protect others as well – the CyberByte™ Protection Engine not only detects the threat but stops it from spreading to other Macs or Windows machines.

Don’t let strangers use your resources – more than 80% of the attacks are crypto mining driven. Are you sure your computer is not mining for crypto while you read this text?

Our malware protection will continuously look after your device providing the best security against viruses. Give us the chance to prove it by downloading the antivirus for your device.

The free antivirus download is available for both Mac and Windows users.

CyberByte Antivirus is a certified product by OPSWAT (OPSWAT is a San Francisco-based software company that provides solutions to secure and manage IT infrastructure. Founded in 2002, OPSWAT delivers solutions that provide manageability of endpoints and networks, and that help organizations protect against zero-day attacks by using multiple antivirus engine scanning and document sanitization. To learn more about OPSWAT’s innovative and unique solutions, please visit http://www.opswat.com).


After doing some research on the Dark Web, we came to the conclusion that this type of scam is growing bigger and bigger.
There are lots of forums discussing this new way of “making money” among the “skiddies”.

The attack scenario they use is the following:

First, the scammer needs to get his hands on any ransomware source code, such as Hidden Tear, and modify the output text to include his email address, which the victim will later use to contact him after the infection.

Then a company that sells something must be contacted and told that he wants to buy a product they are offering. To look genuine, the fraudster also requests an invoice, justifying it as needed for his bank to process the payment for the goods.



A few days after he receives this invoice, he contacts the person in the sales department, sending an email saying that the payment is done and that the confirmation of transfer is attached to that email.
Most of the emails we caught in our honeypots use forged Microsoft Word documents with an embedded macro and the ransomware exe file or PowerShell.

The scammer is betting on the fact that most sales department employees have tons of data that is not backed up, and most of this data is crucial, since it consists of invoices, orders or payment confirmations. The second factor: the fraudster is sure that, once the infection is done, the sales department employee will urgently contact him by email. The scammer will tell him: “Your boss will be mad that the company files are encrypted. Why to lose your job for X BTC”. At this moment the ball is in the fraudster's court and he has an 80% chance of extorting money from the employee.

We encourage all Microsoft Word users to disable the automatic running of macros, apply updates as soon as they become available, and not run any macro that comes from an unverified source.
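A mail-triage check for the lure described above, as an added example that is not part of the original post: it flags Word attachments that carry a VBA project before a user opens them. The function names and the sample message are constructed for illustration, and the legacy `.doc` check is a byte-pattern heuristic rather than a full OLE parser.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")        # legacy .doc container
VBA_DIR_ENTRY = "_VBA_PROJECT".encode("utf-16-le")   # VBA stream name in OLE files


def has_macros(data: bytes) -> bool:
    """True if the bytes look like a Word file that carries a VBA project."""
    if data.startswith(b"PK"):                       # OOXML (.docx/.docm) is a ZIP
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
        except zipfile.BadZipFile:
            return False                             # truncated or not really a ZIP
    if data.startswith(OLE_MAGIC):                   # heuristic: stream name present
        return VBA_DIR_ENTRY in data
    return False


def triage(raw_eml: bytes) -> list:
    """Return (filename, carries_macros) for each attachment of one message."""
    msg = message_from_bytes(raw_eml, policy=policy.default)
    return [(part.get_filename() or "(unnamed)",
             has_macros(part.get_payload(decode=True) or b""))
            for part in msg.iter_attachments()]


def sample_doc(with_macro: bool) -> bytes:
    """Constructed sample: a minimal OOXML-shaped ZIP, not a real document."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder")
    return buf.getvalue()


def build_sample() -> bytes:
    """Constructed message shaped like the 'payment confirmation' lure."""
    msg = EmailMessage()
    msg["Subject"] = "Payment confirmation"
    msg.set_content("The transfer confirmation is attached.")
    for name, macro in (("invoice.docx", False), ("confirmation.docm", True)):
        msg.add_attachment(sample_doc(macro), maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `triage(build_sample())` returns one `(filename, flag)` pair per attachment; a gateway or helpdesk script can quarantine anything flagged `True` for review.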

The procedure is simple:

  • Download the free antivirus from the CyberByte website, for either Mac or Windows.
  • Install it using the antivirus installer package.
  • Windows and Mac users can then run a free malware scan of their devices. The scan duration depends on how many files the end user has.
  • CyberByte antivirus will show whether any files are infected after the scan is finished.

If you are a victim of ransomware, don’t think that if you pay, you will get your files back.

Be safe, be smart.