Ziggo is a local Dutch ISP, and phishing emails containing invoices “supposedly” from Ziggo have been circulating on the Internet for a while now, with a link to a ransomware variant known as “TorrentLocker.”
The same group was behind many other phishing scams, including the one using fake Dutch postal service emails imitating PostNL, back in 2014. Similar phishing emails carrying various kinds of malware, especially ransomware, were commonly seen across the globe as spam.

Continuous takedowns of the fake invoice domains forced the group to cease their activities in the Netherlands near the end of 2014, but they continued again in several other countries. They have now switched from the fake track-and-trace email messages from postal services to a new method: sending emails with fake invoices from a local Dutch ISP known as Ziggo.

The phishing email is spreading alarmingly because TorrentLocker steals the details of friends and contacts from the victim's address book. The spread increases steeply as those new contacts are targeted in turn, with a chain effect afterward.

The phishing emails contain a link to a fake Ziggo page that forces the user to download a ZIP file, which looks like an invoice. The file is actually a JavaScript file which, when executed by the recipient, downloads the TorrentLocker ransomware from a compromised website, probably running WordPress. Once the victim's system and data are encrypted, it shows a screen using the name Crypt0L0cker for ransom payments.
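The delivery step described above, an "invoice" ZIP whose content is really a script, can be checked for at a mail gateway or download proxy. The following is an added example, not code from any vendor or from the campaign analysis; the extension lists, function names and sample file names are assumptions chosen for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Script types Windows runs on double-click by default (assumed policy list).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Document extensions often placed before the real one as a decoy (assumed list).
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx"}


def script_members(zip_bytes):
    """Return [(member_name, reason)] for script files inside a ZIP archive."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid ZIP; quarantine for manual review")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Member names use "/", but tolerate "\" written by some tools.
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            # Windows ignores trailing dots and spaces, so strip them first.
            suffixes = [s.lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
            if not suffixes or suffixes[-1] not in SCRIPT_EXTS:
                continue
            reason = "script file " + suffixes[-1]
            if len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS:
                reason += " hidden behind decoy " + suffixes[-2]
            findings.append((info.filename, reason))
    return findings


def build_sample(members):
    """Build a constructed ZIP in memory from {name: bytes} for demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in members.items():
            z.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: harmless placeholder content, hypothetical file names.
    suspicious = build_sample({"factuur_12345.pdf.js": b"// placeholder"})
    benign = build_sample({"factuur_12345.pdf": b"%PDF-1.4 placeholder"})
    print(script_members(suspicious))
    print(script_members(benign))
```

A non-empty result is a reason to quarantine the archive before it reaches the recipient, since a genuine invoice has no need to ship as a script.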