Trend Labs – Threats today are designed to appeal to local audiences everywhere: two separate threats we’ve recently encountered show how ransomware is targeted towards users in specific countries; in these cases users in Turkey and Hungary were the targets.
First, we came across a notification email sent to Turkish users that talks about a billing update. Recipients are prompted to download and view the updated version of the invoice. Upon clicking on the links provided, users are directed to a website which prompts them to enter a CAPTCHA phrase and download the document. It’s also worth noting that any attempts of accessing the website with a modified link will result in the redirection to the official website, in attempt to avoid user suspicion.
