We Are Encrypting Your Files For Driving Fast: New Ransomware Campaign
IT security firm Sophos Labs has identified a phishing campaign, or more precisely a ransomware campaign, in which you end up downloading ransomware just because you supposedly drove too fast. Don't panic: we know you didn't, but that's what the email from a FAKE Office of State Revenue in New South Wales, Australia says.
The email claims that you drove too fast and that you have to pay a penalty by the given date.
[Image: The Email (Image By: Sophos Labs)]
The scammers used a clever trick: the location is given only as a number. They are also unable to show your registration number. (Doubt 1)
Another trick is that they show a time of day when people generally don't drive. Many recipients will be shocked to see this and will surely do something to check whether it was a mistake. (Doubt 2)
A small portion of victims will notice that the word "offence" is written in two ways, and that the Penalty Notice number is different in two places. (Doubt 3)
[Image: Different Penalty Notice number and Spelling Mistake (Image By: Sophos Labs)]
After the victim clicks the "Act Now" button in the message, they are taken to a download portal resembling the official page of the State Debt Recovery Office (SDRO). But here the attackers have added a CAPTCHA instead of the "SPAM ALERT" that visitors see on the original SDRO website. The original SDRO site has perhaps included that alert because of this kind of attack. So think every time before you do something online. (Doubt 4)
[Image: FAKE download portal of SDRO (Image By: Sophos Labs)]
[Image: ORIGINAL download portal of SDRO (Image By: Sophos Labs)]
The victim then downloads a file named "offence_id_37984264.zip", inside which they find an executable file named "offence_id_37984264.exe". (Doubt 5)
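Doubt 3 (two different Penalty Notice numbers) and Doubt 5 (a program inside the downloaded archive) can be checked mechanically; the Python below is an added example, not from the original article or Sophos Labs. The label regex, the extension list, the function names and the sample message are assumptions constructed for the illustration; only the archive member name comes from the article.

```python
import io
import os
import re
import zipfile

# Extensions Windows runs directly (assumed list for this example, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Assumed label wording; the article does not quote the exact text of the email.
NOTICE_RE = re.compile(r"penalty\s+notice\s+(?:number|no\.?)\s*:?\s*(\d{6,})", re.I)


def notice_numbers(text):
    """Return the distinct penalty notice numbers quoted in a message body."""
    return sorted(set(NOTICE_RE.findall(text)))


def executable_members(zip_bytes):
    """Return archive members whose extension marks them as directly runnable."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        names = [i.filename for i in zf.infolist() if not i.is_dir()]
    # Windows ignores trailing dots/spaces, so strip them before reading the extension.
    return [n for n in names
            if os.path.splitext(n.lower().rstrip(". "))[1] in EXECUTABLE_EXTS]


def triage(body, attachment):
    """Collect the reasons a 'fine notice' message and its download look wrong."""
    findings = []
    numbers = notice_numbers(body)
    if len(numbers) > 1:
        findings.append("notice numbers disagree: " + ", ".join(numbers))
    for member in executable_members(attachment):
        findings.append("archive contains a program, not a document: " + member)
    return findings


def sample_zip():
    """Constructed archive: member name is from the article, content is inert text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("offence_id_37984264.exe", b"inert placeholder bytes")
    return buf.getvalue()


# Constructed message body; both numbers are made up for the example.
SAMPLE_BODY = "Penalty Notice Number: 4105872963\nPay penalty notice no. 4105872936 now."

if __name__ == "__main__":
    print("\n".join(triage(SAMPLE_BODY, sample_zip())))
```

The archive is inspected from bytes in memory, so nothing is extracted to disk or executed during the check.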
After executing, it presents itself as CryptoLocker, though this is a simple ransomware. It can't be CryptoLocker, as a US-led takedown operation managed to confiscate the servers it used to generate and store the decryption keys. A report says that, in the UK alone, 1 out of 30 users' computers is infected by CryptoLocker and 40% of them generally paid up to have their 'precious' files again.
[Image: The Ransomware (Image By: Sophos Labs)]
The ransomware has a handy FAQ section, Sophos Labs reported. At the final step, similar to other ransomware, victims are required to pay US$500 within 120 hours, and in case of delay the amount jumps to US$1000.
Nowadays ransomware generally comes with a feature called "Decrypt Single File". The developers include it to make victims believe that they really can decrypt the victims' files in return for money.
A common "feature" of recent ransomware, shown above, is the option to decrypt a single file for free – a crooked version of "try before you buy" aimed at convincing you that the crooks really do have your decryption key, but without giving you so much as a hint what that key might be.
So if you noticed those 5 Doubts before we hinted at them, then maybe your computer will hardly ever get ransomwared. If you did not, don't get upset. It's Hack Intel's responsibility to make you aware of and smart about this kind of attack. The more you witness, the more secure you become. So keep visiting Hack Intel to be on the safe side.
Source: Original Article by Sophos Labs




