We all love our spooky moments, but when our device’s background suddenly changes to a zombie-themed image and instructions on what to do next, things get quite serious and frightening.
This is exactly what’s happening now as a new phishing campaign pretending to provide supply lists is preying on users and infecting their devices with the MirCop ransomware that encrypts their system.
Fifteen minutes may not seem like much, but it is enough time for the encryption process to complete. What is this attack and how is it carried out? Read on and find out.
MirCop Ransomware – CyberHorror at its Best
Before we dive into the recent malware attack, let us state some facts to show you how serious this is.
Ransomware is not something to be taken lightly, and this year has had its fair share of such incidents. In fact, 1,097 organizations were hit by ransomware attacks in the first half of 2021 alone.
This is a big step up for attackers compared with the total number of incidents in 2020. The recent MirCop ransomware targets victims by sending an unsolicited email that pretends to follow up on a previous order.
Within the email, victims find a hyperlink to a Google Drive URL. This is the perfect strategy to lure them in, as Google Drive is widely regarded as legitimate and trusted and is popular in everyday business practice.
Once they click the link, an MHT file is downloaded onto the user’s device. When they open the file, nothing harmful seems to be present.
In fact, what they see is a blurred image of a supplier list, stamped and signed. Talk about increasing trust and legitimacy.
What looks like a legitimate list on the surface is actually working its magic behind the scenes. The file downloads a RAR archive containing a .NET malware downloader from “hXXps://a[.]pomf[.]cat/gectpe.rar”.
That archive also holds an EXE file containing VBS scripts that deploy the MirCop payload onto the infected system.
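The delivery chain above (Google Drive link, MHT lure, RAR with a .NET downloader) is what a defender would want to spot before the payload runs. The following is an added example, not code from the original post or from any vendor: a small detector that refangs the downloader indicator quoted above and looks, per host, for an MHT download from Google Drive followed by a fetch of that RAR. The proxy log format, host names, timestamps and the correlation window are constructed assumptions; the only real indicator is the defanged URL from the post.

```python
"""Detection sketch for the MirCop delivery chain described in the post.

Constructed example: the log format, host names and timestamps are invented;
the only real indicator is the defanged downloader URL quoted in the post.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Indicator from the post, kept defanged so it is never accidentally clickable.
DEFANGED_DOWNLOADER_URL = "hXXps://a[.]pomf[.]cat/gectpe.rar"


def refang(ioc):
    """Convert a defanged indicator into the plain form a proxy log would record."""
    return ioc.replace("hXXp", "http").replace("[.]", ".").replace("[:]", ":").lower()


DOWNLOADER_URL = refang(DEFANGED_DOWNLOADER_URL)   # https://a.pomf.cat/gectpe.rar
DOWNLOADER_HOST = DOWNLOADER_URL.split("/")[2]      # a.pomf.cat

# Assumed proxy log format (constructed): "<iso ts> host=<name> url=<url> file=<saved name>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+host=(?P<host>\S+)\s+url=(?P<url>\S+)\s+file=(?P<file>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed log line, or None so malformed lines are skipped."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
    return ev


def stage_of(ev):
    """Map one download event onto a stage of the chain, or None if it matches neither."""
    url, name = ev["url"].lower(), ev["file"].lower()
    if url.startswith("https://drive.google.com/") and name.endswith((".mht", ".mhtml")):
        return "mht_from_drive"          # stage 1: lure document fetched from Google Drive
    if url == DOWNLOADER_URL or (DOWNLOADER_HOST in url and name.endswith(".rar")):
        return "rar_downloader"          # stage 2: RAR carrying the .NET downloader
    return None


def stage_hits(lines):
    """Per host, the time-ordered list of (timestamp, stage) events that matched a stage."""
    hits = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        stage = stage_of(ev)
        if stage:
            hits[ev["host"]].append((ev["ts"], stage))
    return {h: sorted(v) for h, v in hits.items()}


def detect_chain(lines, window=timedelta(minutes=60)):
    """Hosts where the RAR fetch follows an MHT-from-Drive download within `window`.

    `window` is an assumed tuning value, not a figure taken from the post.
    """
    alerts = []
    for host, events in stage_hits(lines).items():
        mht_times = [ts for ts, st in events if st == "mht_from_drive"]
        for ts, st in events:
            if st == "rar_downloader" and any(
                timedelta(0) <= ts - t <= window for t in mht_times
            ):
                alerts.append(host)
                break
    return sorted(alerts)


# Constructed sample log: one full chain (WS-042), two single-stage hosts, one bad line.
SAMPLE_LOG = [
    "2021-11-02T10:01:12Z host=WS-042 url=https://drive.google.com/uc?id=EXAMPLE1 file=supplier_list.mht",
    "2021-11-02T10:03:40Z host=WS-042 url=https://a.pomf.cat/gectpe.rar file=gectpe.rar",
    "2021-11-02T09:15:00Z host=WS-017 url=https://drive.google.com/uc?id=EXAMPLE2 file=quote.mht",
    "2021-11-02T11:20:05Z host=WS-099 url=https://a.pomf.cat/gectpe.rar file=gectpe.rar",
    "2021-11-02T11:21:00Z host=WS-099 url=https://www.example.com/readme.txt file=readme.txt",
    "this line is malformed and must be skipped",
]

if __name__ == "__main__":
    print("full chain on:", detect_chain(SAMPLE_LOG))
    for host, events in stage_hits(SAMPLE_LOG).items():
        print(host, [st for _, st in events])
```

Hosts that only show a single stage (an MHT from Drive, or the RAR fetch alone) are still returned by `stage_hits` so they can be triaged separately; the stricter `detect_chain` alert fires only when both stages appear in order on the same host.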
The Horrifying Malware Strikes
Once deployed, the malware starts performing actions such as locking files, taking screenshots, and finally changing the background to a zombie-themed image with instructions on what to do next.
If you thought the image above was scary, look at the demands and threats it contains. Not to mention that the victim is left completely unable to do anything.
All the attackers allow victims to do is open specific web browsers to communicate with them and arrange the payment.
Your Device Has Been Zombified
The intention behind the malware is pretty simple. No, the attackers are not after harvesting the victims’ data without being noticed.
On the contrary, the attack unfolds rapidly, and the attackers make themselves known on the spot, demanding a certain ransom in return.
When it comes to links sent by email, things get dangerous, especially if you are not sure about the source.
All you have to do is avoid clicking anything in the message. Visit the source’s official website directly instead, and you will save yourself from such a predicament.