Phorpiex malware delivers Global Group ransomware via phishing

A new phishing campaign is leveraging the Phorpiex malware to distribute Global Group ransomware, targeting unsuspecting users with deceptive shortcut files. This sophisticated attack utilizes a unique offline encryption mode to evade detection and lock sensitive data, according to a recent report by HackRead.

The campaign, active throughout 2024 and 2025, begins with emails containing attachments disguised as documents, often using double extensions like Document.doc.lnk. These are actually Windows shortcut files (.lnk) that, when clicked, employ Living off the Land (LotL) techniques to run malicious commands using legitimate system tools like PowerShell. The final payload is Global Group ransomware, a successor to Mamona, which features a "mute" mode. This allows it to generate encryption keys locally and operate without an internet connection, making it capable of infecting offline computers. It uses the ChaCha20-Poly1305 encryption algorithm and attempts to delete volume shadow copies to prevent data recovery. The malware also includes a three-second timer using a ping command to 127.0.0.7 before self-deleting, leaving minimal evidence.

This campaign highlights the effectiveness of simple social engineering tactics combined with advanced malware capabilities. The ability of Global Group ransomware to operate offline and actively target backups poses a significant threat to data security across various industries. Users are urged to exercise caution with unsolicited emails and attachments.

Source: HackRead
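The observable behaviours the report describes (a document-looking name ending in .lnk, PowerShell launched from a double-clicked shortcut, a ping to an unusual loopback address used as a delay before self-deletion, and shadow-copy deletion) translate directly into detection rules. The following is an added example written for this page, not code from HackRead or SC Media, that runs those rules over constructed mail-gateway and endpoint telemetry. The sample attachment names and process events are made up; the report does not name the shadow-copy tool, so the rule assumes the standard Windows vssadmin utility, and the PowerShell command body is left as a placeholder because the page does not include it.

```python
import re
from typing import Dict, List, Tuple

# --- Constructed sample telemetry (not taken from the report) --------------
SAMPLE_ATTACHMENTS = [
    "Invoice_2025.pdf",
    "Document.doc.lnk",      # the double-extension lure the article describes
    "Report.xlsx",
    "Scan_0423.pdf.lnk",
    "Desktop shortcut.lnk",  # an ordinary shortcut: single extension, not flagged
]

SAMPLE_PROCESS_EVENTS = [
    {"parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -WindowStyle Hidden -Command <placeholder>"},
    {"parent": "cmd.exe", "image": "PING.EXE",
     "cmdline": "ping 127.0.0.7 -n 3"},
    {"parent": "cmd.exe", "image": "vssadmin.exe",
     "cmdline": "vssadmin delete shadows /all /quiet"},
    {"parent": "svchost.exe", "image": "PING.EXE",
     "cmdline": "ping 127.0.0.1 -n 1"},   # benign loopback check, not flagged
]

# A document-style extension (1-5 alphanumerics) immediately before .lnk.
DOUBLE_EXT_LNK = re.compile(r"^.+\.[a-z0-9]{1,5}\.lnk$", re.IGNORECASE)
LOOPBACK_IP = re.compile(r"\b(127\.\d{1,3}\.\d{1,3}\.\d{1,3})\b")
HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE)


def is_double_extension_lnk(filename: str) -> bool:
    """True for names like Document.doc.lnk: a fake document extension followed
    by the real .lnk extension, which Explorer hides by default."""
    return bool(DOUBLE_EXT_LNK.match(filename))


def classify_process(event: Dict[str, str]) -> List[str]:
    """Return the names of every rule a process-creation event matches."""
    image = event["image"].lower()
    parent = event["parent"].lower()
    cmd = event["cmdline"]
    hits: List[str] = []

    # 1. PowerShell spawned by Explorer with a hidden window: the shape a
    #    shortcut-based LotL launch takes when a user double-clicks the .lnk.
    if image.startswith("powershell") and parent == "explorer.exe" \
            and HIDDEN_WINDOW.search(cmd):
        hits.append("shortcut_spawned_powershell")

    # 2. ping used as a sleep timer against a loopback address other than
    #    127.0.0.1 (the article reports 127.0.0.7). Genuine connectivity
    #    checks almost never target odd loopback addresses.
    if image.startswith("ping"):
        m = LOOPBACK_IP.search(cmd)
        if m and m.group(1) != "127.0.0.1":
            hits.append("loopback_ping_timer")

    # 3. Shadow-copy deletion. Assumption: vssadmin, the standard Windows
    #    tool; the article only says shadow copies are deleted.
    if image.startswith("vssadmin") and re.search(r"delete\s+shadows", cmd, re.IGNORECASE):
        hits.append("shadow_copy_deletion")

    return hits


def run_detections(attachments: List[str],
                   events: List[Dict[str, str]]) -> Dict[str, object]:
    """Apply both rule sets and return what each flagged."""
    flagged_files = [a for a in attachments if is_double_extension_lnk(a)]
    flagged_events: List[Tuple[str, List[str]]] = []
    for e in events:
        rules = classify_process(e)
        if rules:
            flagged_events.append((e["cmdline"], rules))
    return {"attachments": flagged_files, "events": flagged_events}


if __name__ == "__main__":
    result = run_detections(SAMPLE_ATTACHMENTS, SAMPLE_PROCESS_EVENTS)
    for name in result["attachments"]:
        print(f"[attachment] double-extension shortcut: {name}")
    for cmdline, rules in result["events"]:
        print(f"[process] {', '.join(rules)}: {cmdline}")
```

Each rule alone is noisy; the value is in correlation. A hidden-window PowerShell launch from Explorer shortly followed by a loopback ping timer and a shadow-copy deletion on the same host is the sequence the report describes, and the attachment rule gives the mail gateway a chance to stop the chain before the endpoint ever sees it.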




