False PayPal page spreads Nemty ransomware

Researchers found that some hackers have created a fake page that purports to offer an official PayPal application. In fact, it aims to spread a new variant of the Nemty ransomware.

We have lately seen various variants of this particular ransomware. It seems that the hackers behind it are constantly looking for new ways to distribute it to unsuspecting users.

In the case of the fake PayPal page, the hackers try to lure victims by promising them a 3-5% return on purchases made through the payment system.

There are many signs from which one can tell that this is a scam. For example, many browsers flag the page as dangerous. However, there are many unsuspecting users who may fall into the hackers' trap and download and execute the malicious software, known as «Cashback.exe».

The security researcher who discovered the new Nemty ransomware variant distributed through the fake PayPal site is nao_sec. The researcher used the AnyRun sandbox to run the malicious software and track the problems it causes on infected systems.

The researcher found that the ransomware needed approximately seven minutes to encrypt the victim's files. However, the time may vary depending on the system affected by the ransomware.

The good thing is that the new variant is detected by most popular antivirus programs.

"Homoglyph" attack

If one does not pay close attention, the page looks authentic. The hackers have tried hard to make the page as plausible as possible.

To make it even more convincing, the scammers use what is called «Homograph domain name spoofing» for the website's various links, such as Help & Communication, Security and more.
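One defender-side check for the «Homograph domain name spoofing» described above, as an added Python example that is not from the article or from the researchers it cites: it decodes punycode (xn--) labels, flags labels that mix scripts, and folds confusable characters against a trusted-brand list. The confusable map and the trusted list are constructed assumptions (the real Unicode confusables table is far larger).

```python
import unicodedata

# Constructed subset of Unicode confusables (assumption; the full table is much larger).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",  # Cyrillic a e o p
    "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",  # Cyrillic c y x i
    "\u04cf": "l", "\u0455": "s", "\u0458": "j",                 # Cyrillic palochka s j
}

TRUSTED = {"paypal.com"}  # brands to protect; constructed list for the example


def skeleton(label: str) -> str:
    """Fold a label to its ASCII lookalike form: NFKC, then the confusable map."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", label))


def scripts(label: str) -> set:
    """Unicode scripts used by the letters of a label, taken from character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def to_unicode(host: str) -> str:
    """Decode IDNA (xn--) labels so the checks see the characters a browser renders."""
    if host.isascii() and "xn--" in host:
        return host.encode("ascii").decode("idna")
    return host


def check_host(hostname: str) -> list:
    """Return findings for a hostname: punycode use, mixed-script labels, brand lookalike."""
    findings = []
    host = hostname.lower().rstrip(".")
    if any(label.startswith("xn--") for label in host.split(".")):
        findings.append("punycode")
    host = to_unicode(host)
    if host in TRUSTED:
        return []  # the genuine domain, nothing to report
    for label in host.split("."):
        if len(scripts(label)) > 1:
            findings.append(f"mixed-script:{label}")
    # An all-Cyrillic lookalike passes the mixed-script test, so fold it too.
    folded = ".".join(skeleton(label) for label in host.split("."))
    if folded in TRUSTED:
        findings.append(f"lookalike:{folded}")
    return findings
```

Such a check belongs in a URL filter or mail gateway, where a "lookalike" finding on a link to a payment brand is a strong signal to block or warn.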

Security researcher Vitali Kremez analyzed this Nemty ransomware variant and found it to be version 1.4.

The researcher observed that the «IsRU» check, which checks whether the infected computer is in Russia, Ukraine, Belarus, Kazakhstan or Tajikistan, has changed. In this variant of the ransomware, if the check is positive, the system is not infected (its files are not encrypted).

However, hackers are targeting other countries, which remain at risk.

Nemty ransomware has become known only lately. It has been circulating on hacking forums for quite some time now. However, the wider community learned about it in late August, when researcher Vitali Kremez discovered and published his findings.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated by Absent Mia