Some cybercriminals are taking an “in for a penny, in for a pound” approach with a new ransomware campaign that is now under development.
MalwareHunterTeam discovered the ransomware and found that the malicious actors kindly offer several forms of payment to obtain the decryption key, including PayPal. However, a victim who chooses PayPal and follows the link provided will end up on a phishing page where their account login credentials are stolen. When the target hits send, the payment goes not to PayPal but to https://ppyc-ve0rf.890m.com/s2[.]php, which is one of the few clues that something is amiss.
The fake PayPal account page also asks the victim to confirm the details of the credit card associated with that account, so the bad guys get this information as well.
MalwareHunterTeam did not have an explanation for this practice, nor did it say whether a decryption key is supplied after the victims are stripped of their information.
"If one gets infected with ransomware, maybe he will be enough smart to fall to the phishing too?" Or maybe "It's the end of 2018, and no one did ransomware & phishing combination yet, time to do it!" MalwareHunterTeam tweeted.