Author Topic: Japanese companies hit by month long ransomware attacks  (Read 23 times)

Offline Nusrat Jahan Momo

  • Jr. Member
  • **
  • Posts: 56
  • Test
    • View Profile
Japanese companies hit by month long ransomware attacks
« on: November 20, 2017, 03:27:52 PM »
ONI goes phishing

It all started when security firm Cybereason analyzed some computers that were infected with a ransomware called ONI. This ransomware has been analyzed before, but it was not understood how the ONI victims were being infected. After analysis by Cybereason researchers, it was discovered that the infected computers had also been previously targeted by a spear phishing campaign that installs a RAT, or Remote Access Trojan, on the victim's computer.

These phishing emails pretend to be receipts that contain a zip attachment with a malicious Word document inside it. When a user opens the document and enables macros, a VBScript script will be launched that downloads and install a copy of the Ammyy Admin RAT onto the infected computer.

By Lawrence Abrams