A new phishing tactic is now used by attackers to infect unsuspecting users with the MirCop Ransomware.
In the attack, which happened in less than 15 minutes, attackers send an email with a hyperlink to a Google Drive URL to victims.
As soon as the hyperlink is clicked, an MHT file is downloaded to the computer of such a user. On the victim’s side, after downloading the file, he only sees a blurry picture of an alleged supplier list, stamped with a signature to prove its authenticity.
Unknown to the victim as soon as the MHT file is opened, a RAR archive containing a .NET malware downloader and an EXE file (uses VBS scripts to drop and execute the MirCop payload on the infected systems).
After that, this Ransomware comes alive and manifests itself through screenshots, locking files, changing the background to a zombie-themed image, and offers victims instructions on what to do next. Therefore, users are advised to be careful when handling unsolicited emails.
For more information, read the original story in Bleeping Computer.
