Posted in Network Security; Tagged GlobeImposter, 726 ransomware, Blank Slate, malspam, Invoice NIC837385, campuslinne, maxmortgagenetwork, delimaslina, email spam, ransomware, bitcoin; Posted 6 months ago
Over the past 24 hours, Nuspire Networks' SAT team has been monitoring a spam campaign via our nuMail service. The campaign attempts to deliver the GlobeImposter/726 ransomware to Nuspire customers using several different subject lines, such as "Voice Message Attached from," "Voicemail From," and "Invoice NIC837385." Each email carries a .ZIP attachment that contains a malicious .VBS script file.
Once the .VBS script file is unzipped and executed, it contacts one of the malicious domains preloaded into the script to download the ransomware payload. Once the ransomware is dropped onto the machine, it begins the encryption process and ultimately presents the user with a ransom screen that demands a payment of 0.37 Bitcoin ($997.15). As always, paying the ransom is never recommended, and the best method for restoring files is a functioning backup solution.
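A mail-gateway style check for the delivery pattern described above (a .ZIP attachment carrying a .VBS script, sent under the listed subject lines), as an added example that is not Nuspire's or nuMail's code. The function names, the extra script extensions beyond .vbs, the nested-ZIP depth and size limits, and the sample message are assumptions made for illustration.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# .vbs is the type named in the advisory; the other extensions are an assumed
# extension of the same rule to other Windows Script Host file types.
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh"}
# Subject prefixes reported for this campaign (taken from the advisory text).
CAMPAIGN_SUBJECTS = ("voice message attached from", "voicemail from", "invoice nic837385")

def script_members(zip_bytes, depth=0):
    """Return names of script files inside a ZIP, following nested ZIPs one level."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for info in zf.infolist():
                ext = os.path.splitext(info.filename.lower())[1]
                if ext in SCRIPT_EXTS:
                    hits.append(info.filename)
                elif ext == ".zip" and depth < 1 and info.file_size < 5_000_000:
                    hits += script_members(zf.read(info), depth + 1)
    except (zipfile.BadZipFile, RuntimeError):
        pass  # corrupt archive or encrypted inner ZIP: treat per local policy
    return hits

def inspect_message(raw):
    """Return (subject_matches_campaign, [script names found in ZIP attachments])."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = (msg["Subject"] or "").strip().lower()
    found = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if payload[:4] == b"PK\x03\x04":  # ZIP magic, whatever the declared name/type
            found += script_members(payload)
    return subject.startswith(CAMPAIGN_SUBJECTS), found

def build_sample():
    """Constructed sample: a mail whose ZIP holds a harmless placeholder .vbs file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("NIC837385.vbs", "' constructed placeholder, not malware\n")
    msg = EmailMessage()
    msg["Subject"] = "Invoice NIC837385"
    msg["From"] = "sender@example.com"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="invoice.zip")
    return msg.as_bytes()
```

The attachment match alone is the stronger signal for quarantine; the subject match is only useful for grouping messages into this campaign, since subject lines vary.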
Below are some Indicators of Compromise (IOCs) we were able to obtain.
Bitcoin Payment Address:
More information will be added as further developments arise.