Ukrainian authorities have warned of a ransomware campaign targeting Ukrainian organizations. The Ukrainian CERT (CERT-UA) stated that it has discovered phishing emails that appear to have been sent from the Press Service of the Armed Forces of Ukraine. Recipients are prompted to click a malicious link embedded in the email, which takes them to a web page urging them to download a new version of PDF Reader. CERT-UA warned that downloading the PDF Reader will trigger a malicious executable.
The malware used in the attack, RomCom, was first identified by Palo Alto Networks last August. It is linked to the Cuba ransomware affiliate called Tropical Scorpius. The malware is a remote access Trojan that enables threat actors to perform a range of functions such as data exfiltration. Tropical Scorpius has used the Cuba ransomware to compromise or impact 27 organizations spanning multiple industries, such as government, manufacturing, transportation, retail, real estate, legal services, financial services, healthcare, and more.
Read More: Ukraine Warns of Cuba Ransomware Campaign