We have identified a new drive-by download campaign that distributes the Princess ransomware (AKA PrincessLocker), leveraging compromised websites and the RIG exploit kit. This is somewhat of a change for those tracking malvertising campaigns and their payloads.
We had analyzed the PrincessLocker ransomware last November and pointed out that despite similarities with Cerber’s onion page, the actual code was much different. A new payment page seemed to have been seen in underground forums and is now being used with attacks in the wild.
Leave a reply