New Ransomware Incorporates Phishing Tactic

A new ransomware variant, dubbed CryTekk, is using a phishing tactic in its attacks. Its ransom note includes a “Buy Now” button that offers to take payment by major credit card, allowing the victim to avoid paying via bitcoin, as is typically required. If the victim clicks the “Buy Now” button, they are redirected to a PayPal phishing website requesting the individual’s credit card information. Once the user clicks “Agree and Continue,” they are directed to a new page that prompts them to enter their personal information and again click “Agree and Continue.” The following page shows a “Your account access is fully restored!” confirmation window. All of the information provided on these pages is sent to the threat actor, allowing them to fraudulently use the victim’s payment card details at a cost far exceeding that of the initial ransom demand. The NJCCIC discourages victims of a ransomware infection from paying the ransom and instead recommends that they ensure they have a comprehensive data backup plan. We recommend reviewing the Malwarebytes post for more information and the NJCCIC Ransomware Threat Profile for ransomware mitigation strategies.

Alert | NJCCIC | Ransomware, phishing