fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Phishing Emails Deliver Spooky Zombie-themed MirCop Ransomware

Phishing Emails Deliver Spooky Zombie-themed MirCop Ransomware

A new phishing campaign pretending to be supply lists infects users with the MirCop ransomware that encrypts a target system in under fifteen minutes.

The actors begin the attack by sending an unsolicited email to the victim, supposedly following up on a previous arrangement about an order.

The email body contains a hyperlink to a Google Drive URL, which, if clicked, downloads an MHT file (webpage archive) onto the victim’s machine.

Also Read: The 5 Benefits Of Outsourcing Data Protection Officer Service

Google Drive serves to introduce legitimacy to the email and aligns very well with common day-to-day business practices.

For threat actors, simple but key choices like this can distinguish between the victim clicking the URL or sending the email to the spam folder.

Those who open the file can only see a blurred image of what is supposedly a supplier list, stamped and signed for an extra touch of legitimacy.

Blurred image of suppliers list
Blurred image of suppliers list

When the MHT file iis opened, it will download a RAR archive containing a .NET malware downloader from “hXXps://a[.]pomf[.]cat/gectpe.rar”.

The RAR archive contains an EXE file, which uses VBS scripts to drop and execute the MirCop payload onto the infected system.

The ransomware activates immediately and starts taking screenshots, locks files, changes the background to a horrid zombie-themed image, and offers victims instructions on what to do next.

Also Read: How To Prevent WhatsApp Hack: 7 Best Practices

Gory image background with instructions
Gory image background with instructions
Source: Cofense

According to Cofense, this whole process takes less than 15 minutes from the moment the victim opens the phishing email.

After that, the user is only allowed to open specific web browsers to communicate with the actors and arrange the payment of the ransom.

The actors are not interested in sneaking into the victim’s machine stealthily or staying there for long to conduct cyber-espionage or steal files for extortion.

On the contrary, the attack unfolds rapidly, and the source of trouble becomes quickly evident to the victim

An old but still dangerous strain

MicroCop is an old ransomware strain that used to deliver absurd ransom demands onto its victims.

That was until Michael Gillespie cracked its encryption and released a working decryptor for free.

We were unable to test if that old decryptor works with the payloads dropped in the most recent campaign, but it’s possible that it can still unlock the files.

Cofense says the same variant has been in circulation since June this year, so MicroCop is still out there, and people need to be cautious with handling unsolicited emails.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us