Ransomware, Phishing

Prince ransomware spread via Royal Mail lures


A few organizations in the U.S. and the UK have been targeted with the Prince ransomware in a phishing campaign that spoofed UK postal service Royal Mail, reports The Record, a news site by cybersecurity firm Recorded Future.

Attackers purporting to be Royal Mail distributed malicious emails about a failed package delivery with a PDF attachment that included a link redirecting to a Dropbox-hosted ZIP file, which then facilitated the execution of Prince ransomware, according to a Proofpoint report. Additional analysis revealed that the payload lacks any decryption capability, even though the ransom note claimed automated file decryption in exchange for $400 worth of cryptocurrency.

"Based on the lack of a link to determine which user has paid to have their files decrypted, and which infected computer belongs to the user who paid, paired with the lack of communication instructions, this appears to be a destructive attack, with threat actors likely having no intention of decrypting any files, even if the victim paid. It is unclear whether this is a mistake by the threat actors or if the attack was deliberately designed to be destructive," said researchers.
