Ransoc Malware that uses Social Networks for a Customized Attack

Security researchers at Proofpoint uncovered new type of Ransomware ( Ransoc ) which is the preferred malware by cyber criminals. The new variant will exploit social media and Skype personal information to trick users and make them pay attackers.

This variant will not encrypt files as usual ransomware but instead it will display a full screen web application that will prevent users from running any application or make any change to the system without submitting a payment.
After analyzing the malware in sandbox Ransoc will use Tor network for sending information and traffic to attackers. Also the malware will interact with to Skype, LinkedIn, and Facebook profiles to use victim information into the displayed message.


Ransoc Malware Message after infecting users

Victim social media profile is going to be displayed among attacker message which will make it looks more legitimate and for each user there will be a new message to convince victim in making the money transfer. You can find the Indicators of Compromise (IOCs) in proofpoint public post.

Notify of
Inline Feedbacks
View all comments