Phishing Emails Infect Users With MirCop Ransomware

November 5, 2021

A new phishing tactic is now used by attackers to infect unsuspecting users with the MirCop Ransomware.

In the attack, which happened in less than 15 minutes, attackers send an email with a hyperlink to a Google Drive URL to victims.

As soon as the hyperlink is clicked, an MHT file is downloaded to the computer of such a user. On the victim’s side, after downloading the file, he only sees a blurry picture of an alleged supplier list, stamped with a signature to prove its authenticity.

Unknown to the victim as soon as the MHT file is opened, a RAR archive containing a .NET malware downloader and an EXE file (uses VBS scripts to drop and execute the MirCop payload on the infected systems).

After that, this Ransomware comes alive and manifests itself through screenshots, locking files, changing the background to a zombie-themed image, and offers victims instructions on what to do next. Therefore, users are advised to be careful when handling unsolicited emails.

For more information, read the original story in Bleeping Computer.

Phishing Emails Infect Users With MirCop Ransomware

Top Stories

New Deepfakes Can Mimic Heartbeats, Evading Detection Tools

RBC Pushes Employees Back to Office to Preserve ‘Winning Culture’

Microsoft Azure Closes Cloud Gap with AWS as AI and Enterprise Migrations Fuel Growth

Sleeper Supply Chain Attack Activates After 6 Years

Dell has another major round of layoffs

One of the biggest data breaches ever, billions of users affected

Related Articles

65% of Canadians Still Reusing Passwords Despite Identity Theft Fears, Okta Study

Ottawa Warns of China-Linked Hack on Canadian Telecom Gear

Copilot Exploit Shows How AI Agents Can Be Hijacked to Steal Corporate Data

Sleeper Supply Chain Attack Activates After 6 Years

Jim Love

Follow Us

Popular categories

Tech News Delivered