Wednesday, 12 July 2017
Targeted attack with PowerShell ransomware comes undetected
The undetected PowerShell ransomware was used to attack the popular German car dealer. The attack launched through the spear phishing email looked like a mail delivery notification.
The HTML message contains the image tag with the link used to notify the attacker about opening the email:
The JS was not detected by any of the antiviruses when first uploaded.
See the detailed analysis of the PowerShell ransomware in the Acronis blog.