At The Identity Organisation, we're here to help!


    Phishing emails deliver spooky zombie-themed MirCop ransomware

    Phishing Attack

    A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes.

    The actors begin the attack by sending an unsolicited email to the victim, supposedly following up on a previous arrangement about an order.

    The email body contains a hyperlink to a Google Drive URL, which, if clicked, downloads an MHT file (webpage archive) onto the victim’s machine.

    Google Drive serves to introduce legitimacy to the email and aligns very well with common day-to-day business practices.

    For threat actors, simple but key choices like this can distinguish between the victim clicking the URL or sending the email to the spam folder.

    Those who open the file can only see a blurred image of what is supposedly a supplier list, stamped and signed for an extra touch of legitimacy.

    Blurred image of suppliers list

    When the MHT file is opened, it downloads a RAR archive containing a .NET malware downloader from “hXXps://a[.]pomf[.]cat/gectpe.rar”.

    The RAR archive contains an EXE file, which uses VBS scripts to drop and execute the MirCop payload onto the infected system.

    The ransomware activates immediately and starts taking screenshots, locks files, changes the background to a horrid zombie-themed image, and offers victims instructions on what to do next.

    According to Cofense, this whole process takes less than 15 minutes from the moment the victim opens the phishing email.
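    As an added illustration (not from the original post, Cofense or Bleeping Computer), the delivery chain above can be turned into a simple proxy-log check: flag the exact downloader URL quoted in the post, or a web archive (MHT) fetched from Google Drive followed within the 15-minute window by a RAR download from the same workstation. The log format, the workstation names, the Google Drive URLs and the MIME types for MHT files are constructed assumptions for the example.

```python
import re
from datetime import datetime, timedelta

# Indicator quoted in the post, in its defanged form.
DEFANGED_DOWNLOADER_URL = "hXXps://a[.]pomf[.]cat/gectpe.rar"
# Content types a proxy might record for an MHT web archive (assumed, not from the post).
MHT_TYPES = {"message/rfc822", "multipart/related", "application/x-mimearchive"}

def refang(indicator):
    """Turn a defanged indicator (hXXps, [.]) back into a matchable URL."""
    return re.sub(r"^hxxp", "http", indicator, flags=re.IGNORECASE).replace("[.]", ".")

# Constructed proxy log lines (not real traffic): time, workstation, URL, content type.
SAMPLE_LOG = """\
2021-11-01T09:02:11Z ws-17 https://drive.google.com/uc?export=download&id=FAKEID1 message/rfc822
2021-11-01T09:03:40Z ws-17 https://a.pomf.cat/gectpe.rar application/x-rar-compressed
2021-11-01T09:10:02Z ws-04 https://drive.google.com/uc?export=download&id=FAKEID2 message/rfc822
2021-11-01T09:12:30Z ws-04 https://files.example.net/list.rar application/x-rar-compressed
2021-11-01T08:00:00Z ws-31 https://files.example.net/backup.rar application/x-rar-compressed
2021-11-01T10:15:00Z ws-22 https://docs.google.com/document/d/FAKEID3 text/html
"""

def parse_log(text):
    """Parse the constructed log into (timestamp, workstation, url, mime) tuples, oldest first."""
    events = []
    for line in text.splitlines():
        ts, host, url, mime = line.split(" ")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), host, url, mime))
    return sorted(events)

def find_mircop_chain(events, window=timedelta(minutes=15)):
    """Return {workstation: reason} for traffic matching the chain described in the post:
    the exact downloader URL, or an MHT fetched from Google Drive followed within
    `window` by a RAR download (the post puts the whole chain at under 15 minutes)."""
    known = refang(DEFANGED_DOWNLOADER_URL)
    hits, last_mht = {}, {}
    for ts, host, url, mime in events:
        if url == known:
            hits[host] = "known MirCop downloader URL"
        elif "drive.google.com" in url and mime in MHT_TYPES:
            last_mht[host] = ts  # remember when this workstation pulled a web archive from Drive
        elif url.lower().endswith(".rar") or mime == "application/x-rar-compressed":
            if host in last_mht and ts - last_mht[host] <= window:
                hits.setdefault(host, "MHT from Google Drive then RAR within window")
    return hits

if __name__ == "__main__":
    for host, reason in find_mircop_chain(parse_log(SAMPLE_LOG)).items():
        print(f"{host}: {reason}")
```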

    After that, the user is only allowed to open specific web browsers to communicate with the actors and arrange the payment of the ransom.

    The actors are not interested in sneaking into the victim’s machine stealthily or staying there for long to conduct cyber-espionage or steal files for extortion.

    On the contrary, the attack unfolds rapidly, and the source of trouble becomes quickly evident to the victim.

    Security Awareness Training is the means by which organizations teach users how to stay in that ever-vigilant mode when interacting with email and the web. By doing so, instead of taking everything at face value and believing it by default, users interact with unfamiliar content like this in a far more scrutinizing manner and are less likely to become victims.

    With thanks to the Cyber Defence Alliance and Bleeping Computer. The full story is here: https://www.bleepingcomputer.com/news/security/phishing-emails-deliver-spooky-zombie-themed-mircop-ransomware/

    Free Phish Alert Button

    Do your users know what to do when they receive a phishing email? KnowBe4’s Phish Alert Button gives your users a safe way to forward email threats to the security team for analysis and deletes the email from the user’s inbox to prevent future exposure. All with just one click! Phish Alert benefits:


    Here’s how it works:

    • Reinforces your organization’s security culture
    • Users can report suspicious emails with just one click
    • Incident Response gets early phishing alerts from users, creating a network of “sensors”
    • Email is deleted from the user’s inbox to prevent future exposure
    • Easy deployment via MSI file for Outlook, G Suite deployment for Gmail (Chrome)

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/free-phish-alert-partner?partnerid=001a000001lWEoJAAW
