HackRead

Hackers delivering ransomware virus in package delivery e-mails

September 28th, 2015 | Farzan Hussain | Malware, Phishing Scam

A new ransomware email campaign has been detected in fake email messages made to look as if they were sent by either PostNord or Post Denmark. The ransomware has been identified as Cryptolocker2.

Hackers are targeting Danish citizens with ransomware using a traditional method: sending them an email message falsified to appear to come from the Danish post office, informing them that their package was unable to reach its destination and requiring the targeted victim to click on a provided link to read more information about the package.


Clicking on the provided link will redirect the victim to a website infected with a malicious script that automatically downloads a malicious executable file, “forsendelse.exe”, onto the system. Within a few minutes, that malicious file will be executed automatically, encrypting the hard disk, all the data stored on it as well as the data found on network-connected devices. A message will then pop up demanding a hefty ransom in order to decrypt and regain access to all the data.

All of the data stored locally on the hard disk will remain encrypted and the computer will be useless until the demanded payment has been made to the attackers.

The malicious code is so powerful that it even modifies registry values under “HKEY_LOCAL_MACHINE” so that the ransomware can autorun itself during the Windows start-up process. Furthermore, it also disables the anti-phishing filters through the registry.

The Cryptolocker2 encryption could also lead to a massive loss of data because the extension of all the files stored in the victim’s computer will be changed to “.encrypted” format. Furthermore, a new HTML file named “HOW_TO_RECOVER_FILES.html” will be created on the desktop, where all the instructions will be outlined so that the victim can make a payment and regain access to their data.
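The file-system traces named above (the “forsendelse.exe” dropper, the “.encrypted” extension and the “HOW_TO_RECOVER_FILES.html” note) can be checked for during triage of a suspect machine or file share. The Python script below is an added example, not part of the original article or of Heimdal Security's report; the function names, the verdict labels and the sample directory tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

# Indicator names taken from the article; matching is case-insensitive
# because Windows file names are.
DROPPER_NAME = "forsendelse.exe"
RANSOM_NOTE = "how_to_recover_files.html"
ENCRYPTED_EXT = ".encrypted"

def triage(root):
    """Walk `root` and collect the file-system traces the article describes."""
    report = {"droppers": [], "notes": [], "encrypted": Counter()}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            if lower == DROPPER_NAME:
                report["droppers"].append(path)
            elif lower == RANSOM_NOTE:
                report["notes"].append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                report["encrypted"][dirpath] += 1  # count per directory
    return report

def verdict(report):
    """Hypothetical ranking: files already renamed, dropper only, or clean."""
    if report["notes"] or report["encrypted"]:
        return "encrypted"      # isolate the host and its network shares
    if report["droppers"]:
        return "dropper-only"   # executable present, no renamed files found
    return "clean"

def build_sample_tree(root):
    """Constructed sample: a profile with a dropper, a note and renamed files."""
    layout = ["Downloads/Forsendelse.exe", "Desktop/HOW_TO_RECOVER_FILES.html",
              "Documents/budget.xlsx.encrypted", "Documents/cv.docx.encrypted",
              "Documents/notes.txt"]
    for rel in layout:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print(verdict(result), result["droppers"], dict(result["encrypted"]))
```

Pointing `triage()` at a user profile or a mapped share shows which directories hold renamed files, which helps scope what has to be restored from backup.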


Andra Zaharia of Heimdal Security has reported in a blog post that the attackers behind this ransomware campaign use multiple approaches to maintain their anonymity, such as using several hosting providers to hide their traffic and using a Domain Generation Algorithm (DGA).

The ransomware code being used by the hackers has been identified as Cryptolocker2 and has its own identity on the dark web, which is “crypt0l0cker.” It has been explicitly designed with an evasion technique that lets it go undetected by antivirus programs.

According to Zaharia:

“Antivirus detection is extremely low in this campaign (VirusTotal score: 2/56), which makes it very dangerous to both home users and users in corporate environments.”


Keeping your system clean from ransomware emails is not rocket science. All you need to do is NEVER click on or download email attachments sent by unknown users.


HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
