MalwareHunterTeam announced yesterday that a new piece of ransomware is circulating that not only encrypts your files but also tries to steal your PayPal credentials with an included phishing page. Once the victim’s data is locked, the victim is given the option to pay the ransom with Bitcoin or PayPal. Because far more potential victims have active PayPal accounts than have accounts on Bitcoin trading platforms, the intended target here is the person using PayPal.
If the victim chooses to pay using PayPal, the victim is led to a clever phishing site designed to steal the victim’s PayPal credentials. The logic here is simple: if the victim was gullible enough to fall into a ransomware trap in the first place, the victim will be at least as gullible (if not desperate) when it comes to paying the ransom. Here is a screenshot of the email:
If the victim opts for the PayPal Buy Now option, the victim will be brought to a phishing site that appears to be an authentic PayPal page:
When the victim submits his or her PayPal information on the phishing site, the victim is then redirected to a page requesting the victim’s address and other personal information.
After completing all the forms, the victim is told that his or her has been unlocked and is then redirected to the normal PayPal login page, where the victim is prompted to log in.
I’m Shocked: Gambling at Rick’s…
The upshot: Ransomware criminals are utilizing shrewder methods to steal money from their victims. This highlights the importance of analyzing any webpage that you visit before you enter login credentials. If the address looks strange or does not match its content, do not enter your credentials and leave the page immediately.
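The address check described above can be automated. The following is an added example, not code from MalwareHunterTeam or from the original post: it parses a URL the way a browser does and accepts it only when the host is the expected domain or one of its subdomains. The function name `checkLoginUrl`, the expected domain `paypal.com` and the sample URLs (all constructed, using the reserved `.example` TLD) are assumptions made for illustration.

```javascript
// Added example: verify that a login URL really belongs to the expected brand.
// Assumption: the legitimate registrable domain is paypal.com.
const EXPECTED_DOMAIN = "paypal.com";

function checkLoginUrl(rawUrl, expectedDomain = EXPECTED_DOMAIN) {
  let url;
  try {
    url = new URL(rawUrl); // same WHATWG parser that browsers use
  } catch {
    return { ok: false, reason: "unparseable URL" };
  }
  if (url.protocol !== "https:") {
    return { ok: false, reason: "not HTTPS" };
  }
  // "https://paypal.com@other.example/" puts the brand in the userinfo part;
  // the real host is whatever follows the "@".
  if (url.username || url.password) {
    return { ok: false, reason: "userinfo before the host" };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  // Look-alike Unicode letters are converted to xn-- labels by the parser.
  if (host.split(".").some((label) => label.startsWith("xn--"))) {
    return { ok: false, reason: "punycode (IDN) label in host" };
  }
  // Compare from the right: the expected domain must be the END of the host.
  if (host === expectedDomain || host.endsWith("." + expectedDomain)) {
    return { ok: true, reason: "host matches " + expectedDomain };
  }
  if (host.includes(expectedDomain.split(".")[0])) {
    return { ok: false, reason: "brand name inside an unrelated host" };
  }
  return { ok: false, reason: "host does not match " + expectedDomain };
}

// Constructed sample URLs, not taken from the campaign described above.
const samples = [
  "https://www.paypal.com/signin",
  "http://www.paypal.com/signin",
  "https://paypal.com@login.example/signin",
  "https://www.paypal.com.secure-login.example/signin",
  "https://p\u0430ypal.com/signin", // Cyrillic "a" in place of Latin "a"
  "https://account-unlock.example/paypal.com/signin",
];
for (const s of samples) {
  const r = checkLoginUrl(s);
  console.log((r.ok ? "OK    " : "REJECT") + "  " + r.reason + "  <-  " + s);
}
```

Only the first sample passes; the last one shows that a brand name in the path says nothing about who operates the site.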