A spam campaign is touting the benefits of Visa Total Rewards as a lure to trick users into downloading Teslacrypt ransomware onto their computers.
Joji Hamada of Symantec explains in a post to the company’s Security Response blog that the fake emails come with an archive file attachment.
Once the ransomware payload has executed, a ransom message appears on the infected computer.
On a separate page, the malware authors demand a payment of 1.2 Bitcoins (approximately US$500) from the victim within 160 hours in order for the user to regain access to their encrypted files. If that transaction is not received or processed in time, the ransom doubles to US$1000.
The ransomware developers provide victims with instructions on how they can purchase Bitcoins to ensure the success of their attack. They also provide users with the option of decrypting one file for free.
A majority of the victims affected by this spam campaign are located in English-speaking countries, with the United Kingdom and the United States accounting for more than three-quarters (76 percent) of the fake emails’ distribution.
The spam campaign has been active since February 17. Hamada explains that the peak may have passed already. However, that’s not to say the Teslacrypt authors couldn’t renew the campaign’s vigor in the coming days or weeks.
Users should keep regular back-ups of their data as well as avoid opening files attached to suspicious emails.
For more information on how you can protect yourself against a ransomware attack, please click here.