.ws ransomware is a new virus threat which has been detected in a worldwide attack. There is no information available yet about the hacking group behind it. The captured samples appear to target computer users from all regions. Even though the campaigns are active, they appear to be spread in a relatively low volume.
Such threats are often distributed via phishing e-mail messages and malware websites which pose as being sent by well-known companies or services. They direct the victims into interacting with the dangerous content, which leads to the .ws ransomware deployment. To make them appear more trustworthy or legitimate, the addresses can be hosted on similar-sounding domain names and use security certificates.
Virus files can also be created by the hackers. The infections can be caused by malicious documents, which can include the most popular formats: spreadsheets, presentations, text documents and databases. When they are opened, a pop-up prompt will ask the victims to enable the built-in scripts.
The other popular method is the creation of malicious installation files of software that is often downloaded by end users: system utilities, creativity suites, productivity and office apps. Finally, the infections can also be caused by browser hijackers, which are dangerous versions of plugins made compatible with the most popular web browsers. They are often uploaded to the plugin repositories with fake user reviews and developer credentials. The files may also be uploaded to file-sharing networks, where both legitimate and pirate content can be spread.
The .ws ransomware can launch a series of dangerous modules once the infection has been deployed. One of the most popular ones is the data harvesting component, which will hijack information that can be used to acquire personal information and machine data. This allows the ..