Nemty Ransomware Infests Bogus PayPal Site



BleepingComputer describes a PayPal phishing site that’s delivering a new strain of Nemty ransomware. The attackers used Unicode characters from different alphabets to make their URL look like PayPal’s legitimate domain.
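A defensive check for the mixed-alphabet look-alike technique described above, as an added example that is not code from BleepingComputer or from this post: it decodes Punycode labels, flags labels that mix scripts, and flags non-ASCII labels that collapse to a watched brand name. The sample hostname, the `brands` watchlist and the small homoglyph map are constructed for illustration; the real phishing URL is not reproduced here.

```python
import unicodedata

# Constructed, partial map of Cyrillic letters that render like Latin ones.
# A production check would use the full Unicode confusables data (UTS #39).
HOMOGLYPHS = {"\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
              "\u0441": "c", "\u0443": "y", "\u0445": "x", "\u0456": "i",
              "\u0455": "s", "\u0458": "j"}

# Constructed sample: "paypal" with both Latin "a" replaced by Cyrillic U+0430.
SAMPLE = "p\u0430yp\u0430l.example"

def decode_label(label):
    """Unicode form of one DNS label; xn-- labels are Punycode-decoded."""
    label = label.lower()
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:  # malformed Punycode: keep the raw label
            return label
    return label

def scripts(label):
    """Scripts of the letters in a label, approximated by the first word
    of each character's Unicode name (LATIN, CYRILLIC, GREEK, ...)."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in label if ch.isalpha()}

def skeleton(label):
    """Replace known homoglyphs with the Latin letter they imitate."""
    return "".join(HOMOGLYPHS.get(ch, ch) for ch in label)

def check_hostname(hostname, brands=("paypal",)):
    """Return (label, reason) findings; `brands` is an assumed watchlist."""
    findings = []
    for raw in hostname.rstrip(".").split("."):
        label = decode_label(raw)
        used = scripts(label)
        if len(used) > 1:
            findings.append((label, "mixed scripts: " + ", ".join(sorted(used))))
        if not label.isascii() and skeleton(label) in brands:
            findings.append((label, "imitates " + skeleton(label)))
    return findings

if __name__ == "__main__":
    for host in ("www.paypal.com", SAMPLE):
        print(ascii(host), check_hostname(host))
```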

The slickly designed web page offers users a 3-5% return on PayPal transactions if they download an official PayPal browser extension. Users who click the download button will receive a file named “cashback.exe.” Running this executable will infect the user’s system with the ransomware.

Nemty ransomware has been around for a while, but it began attracting attention last month. It was recently observed spreading via the RIG exploit kit, and it may have been going after exposed RDP connections. The PayPal phishing site suggests that Nemty’s operators are interested in using multiple channels of distribution.

Ransomware is a very profitable criminal enterprise, and attackers have a strong incentive to improve their tactics. We need hardly mention how widely used PayPal is, both for personal and business transactions. Social engineering is the most reliable and effective way to get malware onto your network.

New-school security awareness training can help your employees defend themselves against these attacks and keep your organization safe. BleepingComputer has the story: https://www.bleepingcomputer.com/news/security/fake-paypal-site-spreads-nemty-ransomware/


Discover dangerous look-alike domains that could be used against you! 

Since look-alike domains are a dangerous vector for phishing attacks, it's a top priority that you monitor for potentially harmful domains that can spoof your domain.

Our Domain Doppelgänger tool makes it easy for you to identify your potential "evil domain twins" and combines the search, discovery, reporting, risk indicators, and end-user assessment with training so you can take action now.

Here's how it's done:

  • Get detailed results of look-alike domains found similar to your primary email domain
  • You can now quiz your users with your look-alike results
  • Get a summary PDF that contains an overview of the look-alike domains and associated risk levels discovered during the analysis
  • It only takes a few minutes to discover your “evil domain twins”!

Find Your Look-Alike Domains!

PS: Don't like to click on redirected buttons? Cut & Paste this link in your browser:

https://www.knowbe4.com/domain-doppelganger
