Mandiant Name Used in Aggressive Scareware/Ransomware Scam to Spread Malware and Extort Money

Posted: July 15, 2013

Mandiant, the company responsible for connecting China to several targeted campaigns against U.S. companies, has recently had its name used in a scareware scheme that attempts to extort money from unsuspecting victims.

In this recent scam, a ransomware message presented on malware-infected systems names Mandiant as the entity that supposedly detected illegal activities. This ransomware scam, which we identified as the Mandiant U.S.A. Cyber Security Ransomware, displays a ghastly pop-up message on the victim's system demanding that a fine be paid for the alleged illegal activities.

Like the onslaught of ransomware messages that exploit the names of the FBI, Interpol and the USA Cyber Crime Center, the Mandiant ransomware threat is known to lock up an infected system and continually demand that a fine be paid through MoneyPak, Ukash or other e-payment services.

What computer users confronted with the Mandiant ransomware message may not know is that it is completely baseless and does not come from the actual Mandiant company, as demonstrated in Figure 1 below. Recent ransomware threats have typically presented well-known, legitimate law enforcement and cyber security entities as the issuer of the ransomware message.

Figure 1. Actual representation of Mandiant Ransomware message pop-up threat

Currently, the Mandiant ransomware threat is spreading to vulnerable systems primarily by means of a Trojan. The controversy surrounding the report Mandiant published back in February, which exposed groups reportedly controlled by the Chinese government conducting cyberespionage and spying operations, makes matters worse, because a message carrying the Mandiant name can readily draw the attention of PC users around the world.

The FBI has issued many warnings about ransomware attacks in recent years. New ransomware attacks have evolved into much more sophisticated attacks that may encrypt files or exploit controversial subject matter, such as claiming to come from Mandiant.

A particular Trojan, dubbed the Shadowlock Trojan, was recently identified as a culprit in a rash of similar attacks. The Shadowlock Trojan is an infection that locks up systems and forces the user to take an online survey. Symantec even detected a music file in the form of a simple tone of the melody from the movie "Close Encounters of the Third Kind."

The Shadowlock Trojan, suspected to be a virtual door opener for ransomware threats, is prone to shutting down web browser applications and disabling system tools that would otherwise allow a tech-savvy PC user to put a stop to these malicious operations. This Trojan underscores how sophisticated malware, and ransomware threats specifically, are becoming.

Fortunately, the Mandiant Ransomware and the Shadowlock Trojan are not yet widespread, but they could very well evolve to infect a multitude of systems in the near future.