Compromised Websites Hosting Troldesh Ransomware Samples

Digital attackers are using multiple compromised websites to distribute samples of the Troldesh ransomware family.

Sucuri Security observed malicious emails and services like social media spreading a URL in the form of a PHP file. Once clicked, the URL downloaded a JScript file to a victim’s downloader. This file, which specifically targeted Windows OS, arrived with the filename “Details of the order of JSC Airline Ural Airlines” translated into Russian, which suggests that digital attackers might have spoofed the airline in an attempt to trick customers.

The JScript file was a host-based malware dropper that began prepping the co ..