Ursnif Trojan is back and more malicious

Also known as Dreambot, this new variant can deploy the GandCrab ransomware, a type of extortion code, through Microsoft Word macros.

Researchers warned of a new wave of attacks using an information-stealing Trojan called Ursnif, which relies on PowerShell and unnamed enforcement mechanisms that make detection more difficult.

Picture 1: Attack sequences start with emails that include a Word document containing malicious macro scripts.

Ursnif has been around for a while, initially focusing on stealing emails and online banking information from browsers. However, the Trojan has modules that extend its functionality and has recently been used to deploy other malware.

Researchers from Carbon Black observed a campaign that spread over the past month. The attack chains started with emails that included Word documents containing malicious macro scripts. The macros are designed to execute an encrypted PowerShell command stored in the Alternate Text field of an object within the document.

Document macros and PowerShell scripts have been widely abused to install malware over the past few years because both features are available by default in Windows and Microsoft Office.
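As an added defender-side illustration (not code from the original article or from Carbon Black), the following Python script pulls every Alternate Text attribute out of a .docx and flags values that base64-decode to text containing PowerShell-style tokens. It assumes the stored command is base64-encoded UTF-16-LE, the form PowerShell's -EncodedCommand takes; the article only says the command is "encrypted", so the encoding, the token list and the sample document built inline are all constructed assumptions for this example.

```python
import base64
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Attribute names that carry an object's Alternate Text in Word XML:
# DrawingML uses <wp:docPr descr="...">, legacy VML shapes use alt="...".
ALT_TEXT_ATTRS = {"descr", "alt", "title"}

# Tokens that rarely belong in a picture caption but are typical of a
# command handed to PowerShell (constructed list for this example).
SUSPICIOUS_TOKENS = (
    "powershell", "-enc", "frombase64string", "iex", "invoke-expression",
    "downloadstring", "net.webclient", "-nop", "-w hidden",
)

# A base64 blob: only base64 alphabet, at least 40 chars, optional padding.
BASE64_RE = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")


def _decode_candidate(text):
    """If text looks like base64, return the decoded string, else None.
    Bytes with null high bytes are treated as UTF-16-LE (what
    -EncodedCommand expects); otherwise UTF-8 is tried."""
    stripped = re.sub(r"\s+", "", text)
    if not BASE64_RE.match(stripped):
        return None
    try:
        raw = base64.b64decode(stripped, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    # More than half of the odd-position bytes are zero -> UTF-16-LE text
    enc = "utf-16-le" if raw[1::2].count(0) > len(raw) // 4 else "utf-8"
    try:
        return raw.decode(enc)
    except UnicodeDecodeError:
        return None


def scan_docx_alt_text(docx_bytes):
    """Return (part name, attribute, decoded payload) for every Alternate
    Text value in the document that decodes to suspicious-looking text."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as zf:
        for name in zf.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            try:
                root = ET.fromstring(zf.read(name))
            except ET.ParseError:
                continue
            for elem in root.iter():
                for attr, value in elem.attrib.items():
                    local = attr.rsplit("}", 1)[-1]  # drop any XML namespace
                    if local not in ALT_TEXT_ATTRS:
                        continue
                    decoded = _decode_candidate(value)
                    if decoded is None:
                        continue
                    low = decoded.lower()
                    if any(tok in low for tok in SUSPICIOUS_TOKENS):
                        findings.append((name, local, decoded))
    return findings


def encoded_command(cmd):
    """Encode a string the way PowerShell's -EncodedCommand expects."""
    return base64.b64encode(cmd.encode("utf-16-le")).decode("ascii")


def build_sample_docx(alt_texts):
    """Construct a minimal .docx (zip with word/document.xml) whose pictures
    carry the given Alternate Text strings. Constructed sample, not a real file."""
    w_ns = "http://schemas.openxmlformats.org/wordprocessingml/2006/main"
    wp_ns = "http://schemas.openxmlformats.org/drawingml/2006/wordprocessingDrawing"
    pics = "".join(
        f'<w:r><w:drawing><wp:inline><wp:docPr id="{i + 1}" '
        f'name="Picture {i + 1}" descr="{alt}"/></wp:inline></w:drawing></w:r>'
        for i, alt in enumerate(alt_texts)
    )
    document_xml = (
        '<?xml version="1.0" encoding="UTF-8"?>'
        f'<w:document xmlns:w="{w_ns}" xmlns:wp="{wp_ns}">'
        f"<w:body><w:p>{pics}</w:p></w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")  # placeholder, not parsed
        zf.writestr("word/document.xml", document_xml)
    return buf.getvalue()


# Harmless constructed command used only to exercise the detector.
SAMPLE_COMMAND = "& powershell -NoProfile -Command Write-Output 'constructed sample'"

if __name__ == "__main__":
    sample = build_sample_docx(["Company logo", encoded_command(SAMPLE_COMMAND)])
    for part, attr, payload in scan_docx_alt_text(sample):
        print(f"{part} [{attr}]: {payload!r}")
```

The scan reads only the XML parts of the archive and never executes anything, so it is safe to run against quarantined attachments; a real deployment would add the same check to embedded OLE shapes and to other attribute names a threat actor might pick.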

Picture 2: The ransom note states that the files have been encrypted and demands a payment of $2000 to decrypt them.

Once on the computer, the GandCrab ransomware starts encrypting the most valuable data stored on the system. Users can then no longer access their files and are notified of the attack by a ransom note in GDCB-DECRYPT.txt or a similar file.

It is worth mentioning that the ransomware sets a deadline for the payment, after which the amount doubles. However, this is merely an attempt to intimidate victims into paying the ransom without properly evaluating other options.

Picture 3: What the encrypted files look like.

In the meantime, experts warn that users should not open email attachments when it is unclear whether the apparent sender actually sent the mail. If a computer is infected, important files are encrypted and a ransom is demanded, users should stay calm and seek help from experts or use reputable antivirus software. Do not follow the criminals' instructions to pay the ransom, because there are other ways to regain access to your files, including decryptors developed by experts.