Cybercriminals are abusing the name of a well-known travel website and spreading a new German-language ransomware directly as an email attachment.
Typically, ransomware is rarely distributed directly via email these days. Instead, ransomware gangs have for some time now preferred to use the services of Initial Access Brokers (IAB). IAB distribute malware through large-scale cyber campaigns and then resell access to compromised systems.
Ransomware Knight and Knight Lite
In the current case, however, the cybercriminals spread the Knight or Knight Lite ransomware (a renamed version of Cyclops Ransomware-as-a-Service) in several campaigns directly via email. This is what the security experts at Proofpoint discovered. In addition to German-language emails, the experts were able to discover emails in Italian and English as part of the campaign.
EN- – Knight Ransomware.jpg
The perpetrators misused the name of a well-known travel website as the supposed sender of the emails sent during the campaigns. The campaigns are particularly targeted at companies in the hospitality industry. The attackers primarily used the issue of invoicing as bait.
Ransoms of $5.000 – $15.000 demanded
The ransoms demanded by those behind the Knight ransomware range from $5.000 to $15.000, to be transferred in Bitcoin. The perpetrators provide further instructions in the form of a website that, in addition to instructions, also contains an email address that should be used to notify as soon as a payment has been received. There is currently no evidence that data is not only encrypted by the perpetrators, but also stolen.
More at Proofpoint.com
About Proofpoint
Proofpoint, Inc. is a leading cybersecurity company. The focus for Proofpoint is the protection of employees. Because these mean the greatest capital for a company, but also the greatest risk. With an integrated suite of cloud-based cybersecurity solutions, Proofpoint helps organizations around the world stop targeted threats, protect their data, and educate enterprise IT users about the risks of cyberattacks.