A new in-development ransomware has been discovered that not only encrypts your files, but also tries to steal your PayPal credentials with an included phishing page.
The ransomware itself is nothing special, but the ransom note is clever as it not only tries to steal your money through a normal bitcoin ransom payment but also offers a choice to pay via PayPal. If a user chooses to pay using PayPal, they will be brought to a phishing site that will then attempt to steal the victim's PayPal credentials.
This ransomware was discovered by MalwareHunterTeam and contains a ransom note that states the user can either pay via Bitcoins or use PayPal.
If a user clicks on the PayPal Buy Now button, they will be brought to a phishing page that does a pretty good job of masquerading as a legitimate PayPal page.
The only difference is that if they submit their information, instead of it being sent to PayPal.com, it is sent to http://ppyc-ve0rf.890m.com/s2[.]php, which then displays another form asking for your address and other personal information.
Ultimately, after filling in all the requested info, the phishing page states your account has been unlocked and redirects you to the normal PayPal login page, where you are prompted to log in.
As you can see, ransomware developers and criminals are utilizing trickier and smarter methods to steal money from their victims. It is important to always analyze any web pages that you visit before you enter your login credentials. If the address looks strange or does not match its content, do not enter your credentials and leave the page immediately.
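The check described above, whether a login form really submits to the brand's own domain, sketched as an added example (not code from the article or from the ransomware itself). The trusted-domain list, the sample URL and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

TRUSTED_SUFFIXES = ("paypal.com",)  # assumption: domains the brand really uses

# Constructed sample: a PayPal-branded login page served from an unrelated host.
SAMPLE_URL = "http://paypal-login.example.net/index.html"
SAMPLE_HTML = """<html><title>Log in to your PayPal account</title>
<form method="post" action="s2.php">
<input type="email" name="login_email"><input type="password" name="login_password">
</form></html>"""

class FormCollector(HTMLParser):
    """Records each <form> action and whether the form holds a password field."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._current = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._current)
        elif tag == "input" and self._current and (a.get("type") or "").lower() == "password":
            self._current["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def host_is_trusted(host, suffixes=TRUSTED_SUFFIXES):
    # Exact match or true subdomain only, so "paypal.com.example.net" fails.
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def suspicious_forms(page_url, html):
    """Return (target_url, reason) for password forms that submit off-brand."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in (f for f in parser.forms if f["password"]):
        target = urljoin(page_url, form["action"])  # empty action posts to the page itself
        parts = urlsplit(target)
        if not host_is_trusted(parts.hostname):
            findings.append((target, "credentials posted to untrusted host"))
        elif parts.scheme != "https":
            findings.append((target, "credentials posted without TLS"))
    return findings
```

Calling `suspicious_forms(SAMPLE_URL, SAMPLE_HTML)` flags the form because its relative action resolves to the hosting page's own domain rather than a PayPal one.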