Wednesday, 12 July 2017

Targeted attack with PowerShell ransomware comes undetected


An undetected PowerShell ransomware was used to attack a popular German car dealer. The attack was launched through a spear-phishing email that looked like a mail delivery notification.


The HTML message contains an image tag whose link notifies the attacker when the email is opened:

<img src="hxxp://joelosteel.gdn/wp-admin/open.php?M=824054&N=11&L=8">

The zip attachment contains a JavaScript file that starts PowerShell and executes the ransomware script.
The JS was not detected by any antivirus product when it was first uploaded.
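A mail-triage check for the two traits described above (a remote image whose URL carries query parameters, and a zip attachment holding a script file), as an added example that is not part of the original post or the Acronis analysis. The host `tracker.example`, the file names and the `SCRIPT_EXTS` list are constructed assumptions; real messages carry `http`/`https` links rather than the defanged `hxxp` form shown above.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlsplit

SCRIPT_EXTS = (".js", ".jse", ".vbs", ".wsf", ".hta")  # assumption: script types worth flagging

class ImgCollector(HTMLParser):
    """Collect the src attribute of every <img> tag."""
    def __init__(self):
        super().__init__()
        self.srcs = []
    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "img" and src:
            self.srcs.append(src)

def triage(raw: bytes) -> dict:
    """Return remote parameterised images and script names inside zip attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {"remote_images": [], "scripts_in_zip": []}
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            parser = ImgCollector()
            parser.feed(part.get_content())
            for src in parser.srcs:
                url = urlsplit(src)
                # A remote image with a query string can identify the recipient on load.
                if url.scheme in ("http", "https") and url.query:
                    findings["remote_images"].append(src)
        elif (part.get_filename() or "").lower().endswith(".zip"):
            try:  # namelist() reads only the archive index, nothing is extracted
                names = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))).namelist()
            except zipfile.BadZipFile:
                continue
            findings["scripts_in_zip"] += [n for n in names if n.lower().endswith(SCRIPT_EXTS)]
    return findings

def build_sample() -> bytes:
    """Constructed sample message: inert placeholder script, made-up tracker URL."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("delivery_notice.js", "// inert placeholder")
    m = EmailMessage()
    m["Subject"] = "Delivery notification"
    m.set_content("See attachment.")
    m.add_alternative('<p>Notice</p><img src="http://tracker.example/open.php?M=1&N=2&L=3">', subtype="html")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="notice.zip")
    return m.as_bytes()
```

Calling `triage(build_sample())` returns both findings for the constructed message; a mail gateway or analyst script could run the same function over raw `.eml` bytes.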


See the detailed analysis of the PowerShell ransomware in the Acronis blog.
