CyberWisdom Safe Harbor Commentary on Rapid Ransomware:
This leads me to believe that no one author/hacker developed and deployed the Rapid Ransomware malware through a malspam phishing campaign.
This malspam phishing campaign is sending emails with subjects such as “Please Note – IRS Emergency Message -164” and states that the recipient is behind on real estate tax. It then tells the recipient to open the attachment for a summary report on the arrears.
Rapid Ransomware Malspam
Attached to the email is a zip file called Notification-[number].zip. Inside these zip files is a malicious Word document, and the victim needs to click Enable Editing and then Enable Content for the macro to run. When the macro runs, it downloads the Rapid Ransomware executable and executes it.
Malicious Word document
Like the previous version, Rapid Ransomware will scan and encrypt data files on your computer. When it encrypts a file, it appends the .rapid extension to the name of the encrypted file. For example, a file named test.jpg will be encrypted and renamed as test.jpg.rapid.
Encrypted Rapid file
When Rapid Ransomware finishes encrypting the computer, it opens many recovery.txt ransom notes in Notepad. These ransom notes tell the victim to contact email@example.com or firstname.lastname@example.org to receive payment instructions.
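A mail-gateway style triage for the delivery chain described above (a Notification-[number].zip attachment holding a macro-bearing Word document), given as an added example that is not code from the original article. It assumes "[number]" is a run of digits; the function names and the sample archive are constructed for illustration.

```python
import io
import re
import zipfile

# Assumption: "[number]" in the attachment name is a run of digits.
NAME_RE = re.compile(r"^Notification-\d+\.zip$", re.IGNORECASE)
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container header

def has_vba_project(data: bytes) -> bool:
    """True if data is an OOXML (zip) document carrying a VBA project part."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as doc:
            return any(n.lower().endswith("vbaproject.bin") for n in doc.namelist())
    except zipfile.BadZipFile:
        return False

def triage_attachment(filename: str, data: bytes) -> list[str]:
    """Return the reasons an e-mail attachment matches this campaign's shape."""
    reasons = []
    if NAME_RE.match(filename):
        reasons.append("name matches Notification-[number].zip")
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return reasons
    with archive:
        for info in archive.infolist():
            if info.is_dir() or info.file_size > 20 * 1024 * 1024:
                continue  # skip folders and oversized members
            if info.flag_bits & 0x1:
                reasons.append(f"{info.filename}: encrypted member, not inspectable")
                continue
            body = archive.read(info)
            if has_vba_project(body):
                reasons.append(f"{info.filename}: Office document with VBA macros")
            elif body.startswith(OLE_MAGIC):
                reasons.append(f"{info.filename}: legacy OLE document, may carry macros")
    return reasons

def build_sample(with_macro: bool) -> bytes:
    """Constructed sample: a zip holding a minimal OOXML-shaped document."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as doc:
        doc.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            doc.writestr("word/vbaProject.bin", b"constructed placeholder")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("Notification.doc", inner.getvalue())
    return outer.getvalue()
```

A legacy OLE hit only says the container can hold macros; confirming that requires an OLE parser, which this sketch leaves out.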
A new variant of Rapid Ransomware is currently being distributed using malspam that pretends to be from the Internal Revenue Service. First detected by Derek Knight, this campaign is a mixup of countries with the IRS being a U.S. entity, the sender being a UK email address, and the spam attachment being in German. This malspam campaign is being sent with email subjects like “Please Note – IRS Urgent Message-164” and states that the recipient is behind in real estate taxes. It then goes on to tell the recipient to open the attachment to see a compiled report on how much is owed. Attached to the email is a zip file called Notification-[number].zip. Inside these zip files is a malicious Word document, where a victim needs to click on Enable Editing followed by Enable Content in order for the macros to run. When the macro runs, it will download the Rapid Ransomware executable and execute it.
thumbnail courtesy of bleepingcomputer.com