“Payroll Received by Intuit” A spam that brings Cryptowall to Your System

securitymalware

New spamming message have been spotted by Dynamo’s Blog that attach Cryptowall malware. the virus is a Trojan horse that infect windows operating system and uses RSA2048 encryption to encrypt victims data. this to prevent users from opening their files and provide cyber criminal a control on infected system. If the victim will not make an online payment files are going to be destroyed.

The email claims to be about a successful payment that users made while attaching a copy of victims Remittance. Obviously this email is attaching a zipped copy of Cryptowall that takes executable form. only 9 antivirus on Virus total identify the file to be malicious.

Analysis Results Title Remittance___CopyDecrypt instruction by Cyber criminal for Cryptowall

Within the decrypt instruction attackers are asking victims to use Tor network and Bitcoins for better protecting compromised systems , money and encryption keys from law enforcement. Tor  will complicate tracking cybercriminals while Bitcoins makes it hard to track money transfer.

To protect your system be sure to never open attachments/emails from untrusted sources, update your security software and make sure to have a backup for your important files that will be stored in a safe place.

Share