Author: Tom Spring / Source: Threatpost | The first stop for security news
An investigation into a new strain of Jaff ransomware uncovered a shared backend infrastructure between the malware and a black market bazaar selling stolen bank and credit card account information.
Researchers at Heimdal Security said the cybercrime marketplace they found appeared mature, offering access to “tens of thousands of compromised bank accounts, complete with details about their balance, location and attached email address,” and suspect those behind the Jaff malware and the marketplace are linked.
“As we know, a ransomware attack never stops at just encrypting data. It also harvests as much information as possible about the victim. By combining these informational assets, cyber criminals are engaging in both the long game, required to monetize stolen card data, and in quick wins, such as targeted ransomware attacks, whose simpler business model yields a fast return on investment,” wrote Andra Zaharia, security evangelist.
Jaff has been on researchers’ radar screen a few short weeks, and has been behind a number of large-scale email campaigns each using a PDF attachment with an embedded Microsoft Word document functioning…
Click here to read more
