Cybercriminals are using a massive phishing email campaign to scam victims into downloading a new form of ransomware called Reyptson, according to recent news reports.
If Reyptson encounters a computer with the Mozilla Thunderbird email application installed on it, the ransomware attempts to steal the victim’s contacts and send them phishing emails as well.
How it works
Upon successfully infecting a victim’s computer, Reyptson attempts to distribute itself through a spam email campaign. First, it checks to see if Thunderbird is running on the infected machine. If it is, the ransomware attempts to read the victim’s credentials and contacts. Once successful, the virus targets those individuals by sending them fake invoices.
“These spam emails will have a subject line of ‘Folcan S.L. Facturación’ and will contain a fake invoice,” Bleeping Computer security researcher Lawrence Abrams explained in a blog post. “This [email] is written in Spanish and tells the recipient to click on a link to download an invoice. When the recipient clicks on the link, it will download a file called factura.pdf.rar, which contains an executable. This executable will infect the user with the ransomware when it is opened.”
Stay one step ahead of cybercriminals
Users can protect themselves against Reyptson by implementing standard ransomware prevention strategies–such as avoiding suspicious emails—and focusing on user education. It’s also important to back up your digital files in case all else fails.