Legitimate Windows utilities prevented from running

Mar 25, 2015 14:57 GMT

Spear-phishing attacks observed in Denmark target chiropractors and infect their systems with a piece of crypto-malware that its author has named PacMan.

The deceptive messages contain a link to a Dropbox location where the new piece of ransomware is hosted.

Ransomware has keylogging functionality

Once executed on the system, the malware starts encrypting files likely to be important to the user (documents, images and databases among them) and displays a ransom message on the desktop once the operation completes.
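The mass-encryption phase described above has a recognisable signature from the defender's side: a single process rewriting many distinct user documents in a short time. The following is an added example, not code from the article or from CSIS, of a sliding-window heuristic over file-write events. It assumes the events have already been parsed into `(time, pid, path)` tuples (for instance from Sysmon event 11 or an EDR feed); the sample events, extension list and thresholds are constructed for the demonstration.

```python
"""Flag processes that rewrite many distinct document/image/database files
within a short window, the pattern of a ransomware encryption run."""
from collections import defaultdict, deque

# Extensions standing in for the file classes the article names
# (documents, images, databases). Constructed list; tune for your estate.
SENSITIVE_EXT = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png",
                 ".mdb", ".accdb", ".sqlite", ".db"}


def _ext(path):
    """Lower-cased extension of a Windows path, or '' if there is none."""
    name = path.rsplit("\\", 1)[-1]
    dot = name.rfind(".")
    return name[dot:].lower() if dot >= 0 else ""


def find_encryption_bursts(events, threshold=20, window=60.0):
    """Return {pid: peak} for every process that wrote to `threshold` or more
    distinct sensitive files inside some `window`-second span.

    `events` is an iterable of (time_seconds, pid, path) tuples. `peak` is the
    highest number of distinct sensitive files seen in one window for that pid.
    """
    per_pid = defaultdict(list)
    for t, pid, path in sorted(events):
        if _ext(path) in SENSITIVE_EXT:
            per_pid[pid].append((t, path.lower()))

    hits = {}
    for pid, writes in per_pid.items():
        recent = deque()            # (time, path) pairs inside the window
        in_window = defaultdict(int)  # path -> occurrences inside the window
        peak = 0
        for t, path in writes:
            recent.append((t, path))
            in_window[path] += 1
            # Drop writes that have fallen out of the window.
            while recent and t - recent[0][0] > window:
                old_t, old_path = recent.popleft()
                in_window[old_path] -= 1
                if in_window[old_path] == 0:
                    del in_window[old_path]
            peak = max(peak, len(in_window))
        if peak >= threshold:
            hits[pid] = peak
    return hits


# Constructed sample: pid 4242 rewrites 25 documents in about 12 seconds,
# pid 1000 (a user editing files by hand) touches three files over a minute.
SAMPLE_EVENTS = [
    (100.0 + i * 0.5, 4242, "C:\\Users\\kl\\Documents\\report%02d.docx" % i)
    for i in range(25)
] + [
    (50.0, 1000, "C:\\Users\\kl\\Documents\\report01.docx"),
    (75.0, 1000, "C:\\Users\\kl\\Pictures\\xray.jpg"),
    (110.0, 1000, "C:\\Users\\kl\\Desktop\\notes.txt"),   # not a sensitive type
]

if __name__ == "__main__":
    print(find_encryption_bursts(SAMPLE_EVENTS))
```

The window is keyed on distinct paths rather than raw write count so that an application saving the same document repeatedly does not trip the alert; the thresholds are deliberately conservative and should be calibrated against normal backup and indexing activity before deployment.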

Unlike other threats of the same kind, PacMan gives its victim only 24 hours to pay the fee for the decryption code; after that, the data remains encrypted forever.

Security researchers at the security company CSIS have analyzed the malware and determined that it is developed in .NET and that its code also includes keylogging capabilities.

They also found that one of PacMan's functions is to repeatedly attempt to terminate certain Windows tools (Task Manager, CMD, Regedit, msconfig, PowerShell, Windows Backup and System Restore) that could be used to remove it from the affected system.
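Repeatedly killing administrative tools leaves a pattern that is easy to spot in process telemetry: the tools are launched and then exit within a second or two, over and over. The following is an added example, not code from the article or from CSIS, of a detection heuristic over Sysmon-style events (ID 1 = process create, ID 5 = process terminate). It assumes the events have already been parsed into dicts with `id`, `time`, `pid` and `image` keys; the sample events are constructed, and the mapping of Windows Backup and System Restore to `sdclt.exe` and `rstrui.exe` is an assumption about which executables those features use.

```python
"""Alert when admin tools named in the article are repeatedly terminated
within seconds of starting, the tool-suppression behaviour of PacMan."""
from collections import defaultdict

# Executables behind the tools the article lists. sdclt.exe / rstrui.exe as
# Windows Backup / System Restore are assumed, not taken from the article.
ADMIN_TOOLS = {"taskmgr.exe", "cmd.exe", "regedit.exe", "msconfig.exe",
               "powershell.exe", "sdclt.exe", "rstrui.exe"}

MAX_LIFETIME_S = 2.0   # exits this fast are unlikely to be the user closing the tool
MIN_KILLS = 3          # short-lived launches needed before raising an alert
WINDOW_S = 600.0       # ...within this many seconds


def find_tool_suppression(events, max_lifetime=MAX_LIFETIME_S,
                          min_kills=MIN_KILLS, window=WINDOW_S):
    """Return a list of (image, [termination_times]) alerts.

    Each event is a dict: {"id": 1|5, "time": seconds, "pid": int, "image": path}.
    Process creates and terminates are matched on (pid, image); this ignores
    PID reuse, which Sysmon's ProcessGuid would handle better in production.
    """
    starts = {}                      # (pid, image) -> create time
    short_lived = defaultdict(list)  # image -> [termination times]
    for ev in sorted(events, key=lambda e: e["time"]):
        image = ev["image"].rsplit("\\", 1)[-1].lower()
        if image not in ADMIN_TOOLS:
            continue
        key = (ev["pid"], image)
        if ev["id"] == 1:
            starts[key] = ev["time"]
        elif ev["id"] == 5 and key in starts:
            lifetime = ev["time"] - starts.pop(key)
            if lifetime <= max_lifetime:
                short_lived[image].append(ev["time"])

    alerts = []
    for image, deaths in short_lived.items():
        # Sliding window over termination times; first window that reaches
        # min_kills produces one alert for that image.
        for i in range(len(deaths)):
            j = i
            while j < len(deaths) and deaths[j] - deaths[i] <= window:
                j += 1
            if j - i >= min_kills:
                alerts.append((image, deaths[i:j]))
                break
    return alerts


# Constructed sample: Task Manager is started four times and dies within
# half a second each time; a cmd.exe session lives for five minutes.
SAMPLE_EVENTS = []
for n, t in enumerate((0.0, 30.0, 60.0, 90.0)):
    SAMPLE_EVENTS.append({"id": 1, "time": t, "pid": 5000 + n,
                          "image": "C:\\Windows\\System32\\taskmgr.exe"})
    SAMPLE_EVENTS.append({"id": 5, "time": t + 0.4 + n * 0.1, "pid": 5000 + n,
                          "image": "C:\\Windows\\System32\\taskmgr.exe"})
SAMPLE_EVENTS += [
    {"id": 1, "time": 10.0, "pid": 6100, "image": "C:\\Windows\\System32\\cmd.exe"},
    {"id": 5, "time": 310.0, "pid": 6100, "image": "C:\\Windows\\System32\\cmd.exe"},
    {"id": 1, "time": 12.0, "pid": 6200, "image": "C:\\Windows\\explorer.exe"},
]

if __name__ == "__main__":
    for image, times in find_tool_suppression(SAMPLE_EVENTS):
        print("possible tool suppression: %s killed at %s" % (image, times))
```

The heuristic keys on lifetime rather than on who issued the kill because neither Windows Security event 4689 nor Sysmon event 5 records the terminating process; a short-lived launch repeated several times is the observable side effect of the behaviour the researchers describe.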

The attacker may be a Danish national

The researchers say that the messages carrying the link to PacMan are “well-drafted” and “written in flawless Danish” by someone, possibly a Dane, with strong social engineering skills. Furthermore, the targets appear to have been carefully selected.

Given the skills of the perpetrator, CSIS rates this incident as high risk, despite the targeted nature of the attack.

“This is partly due to the degree of social engineering that underlies the attack and partly to the destructive code that attempts to be installed on the victim's machine. This type of attack is likely to be successful with many other industries in Denmark and can thus be a threat to most businesses and public authorities,” says Peter Kruse, security specialist with the organization.