A malicious message, masking itself as a “Western Unioun” email, has been disturbing the PC users lately. The fake email claims that you have received a remittance and the information is attached alongside. However, as soon as you download the attachment, your computer gets infected with Teslacrypt ransomeware.
Most often, a computer gets infected with Teslacrypt via the attached zip, which contains a .js file to download malware. Usually, the spam email tricks the PC users to open the email via its subject.
“Subject: Money Transfer Notice
You have received a remittance, more information about the money transfer is in the
Money Order can be cashed at any branch or bank in Your city .
We are looking forward to hearing from You
Money Transfer Notification WU000076846526
WU2081747795.zip attachment contains files as:
The downloaded executable tries to make a remote connection to the following remote locations:
After encryption, the file names are appended with .micro extension. Then these Tor and Tor2Web gateways are given for decryption :
Despite the provocative content, computer users should be aware that these emails are NOT coming from Western Union nor are they coming “Western Unioun” and the attachments should NOT be downloaded. Otherwise, your files will be encrypted and you will either lose all the stored data on your PC, or you should pay the ransom for decrypting it.