"As usual, the zip attachments are double-zipped, and they contain a .js file designed to infect a Windows computer with ransomware. I saw two types of .js files. One was about 9 kB in size, and it ran the downloaded ransomware from the user's AppData\Local\Temp directory. The other type of .js file was about 31 kB in size, and it ran the downloaded ransomware from the user's AppData\Roaming\Microsoft\Windows\Templates directory."

Specifically, this campaign is known for running one of two types of ransomware: Cerber and GlobeImposter. Binaries for the threats are usually downloaded from a domain name ending in .top. Whichever ransomware strikes then proceeds to encrypt the user's files before demanding a ransom.

To protect against this evolving campaign, users should exercise caution around emails with subject lines that contain random numbers and letters. They should also think twice about clicking on suspicious links and email attachments. For added protection, they should run an anti-virus solution on their machines and back up their data regularly.
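The behaviours reported above (a binary run from one of the two AppData directories, fetched from a domain ending in .top) can be expressed as endpoint triage logic. This is an added example, not code from the article or the quoted analysis; the event field names, the sample events and the assumption that the .js attachment runs under Windows Script Host (wscript.exe or cscript.exe) are constructed for illustration.

```python
import ntpath
from urllib.parse import urlparse

# Launch directories named in the quoted analysis (lower-cased for matching).
SUSPECT_DIRS = ("\\appdata\\local\\temp\\",
                "\\appdata\\roaming\\microsoft\\windows\\templates\\")
# Assumption: the .js attachment is executed by Windows Script Host.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

def is_script_host(path):
    return ntpath.basename(path or "").lower() in SCRIPT_HOSTS

def classify(event):
    """Return a finding name for one event, or None if it is not of interest."""
    if event["type"] == "http" and is_script_host(event.get("image")):
        host = (urlparse(event["url"]).hostname or "").rstrip(".").lower()
        if host.endswith(".top"):
            return "script_host_download_from_top"
    if event["type"] == "process" and is_script_host(event.get("parent_image")):
        if any(d in event["image"].lower() for d in SUSPECT_DIRS):
            return "script_host_launch_from_suspect_dir"
    return None

def triage(events):
    """Group findings per host; both findings on one host rate 'high'."""
    findings = {}
    for ev in events:
        name = classify(ev)
        if name:
            findings.setdefault(ev["host"], set()).add(name)
    return {h: ("high" if len(f) == 2 else "review") for h, f in findings.items()}

# Constructed sample events (hypothetical field names, hosts and domain).
SAMPLE_EVENTS = [
    {"type": "http", "host": "WS-01", "image": r"C:\Windows\System32\wscript.exe",
     "url": "http://placeholder-domain.top/payload"},
    {"type": "process", "host": "WS-01",
     "parent_image": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Users\alice\AppData\Local\Temp\a1b2c3.exe"},
    {"type": "process", "host": "WS-02",
     "parent_image": r"C:\Windows\System32\WScript.exe",
     "image": r"C:\Users\bob\AppData\Roaming\Microsoft\Windows\Templates\x9.exe"},
    # Benign: installer started from Temp by Explorer, not by a script host.
    {"type": "process", "host": "WS-03", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Users\carol\AppData\Local\Temp\setup.exe"},
    # Benign: browser traffic to a host that merely contains "top".
    {"type": "http", "host": "WS-03", "image": r"C:\Program Files\Browser\browser.exe",
     "url": "https://top.example.com/"},
]
```

Calling `triage(SAMPLE_EVENTS)` rates WS-01 as "high" and WS-02 as "review", and leaves WS-03 unflagged because neither of its events involves a script host.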