Defray Ransomware Used in Selective Attacks Against Multiple Sectors

August 29, 2017


A newly discovered ransomware variant has been used in small, selectively targeted attacks, one aimed at healthcare and education and the other at manufacturing and technology.

Dubbed Defray and discovered by Proofpoint earlier this month, the malware appears to have been involved in only two attacks, distributed via Word documents attached to phishing emails. The campaigns consisted of only a few messages each, and the lures were specifically crafted for the intended targets.

The Microsoft Word documents carrying the ransomware contain an embedded OLE packager shell object. When the victim opens the document, the malware is dropped in the %TEMP% folder, and a file named taskmgr.exe or explorer.exe is then executed.
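The drop-and-execute behaviour described above lends itself to a simple process-creation check. The following is an added example, not code from Proofpoint's report: it flags taskmgr.exe or explorer.exe running outside their standard Windows directories. The event field names (`image`, `parent_image`), the default temp paths, and the assumption that Word is the parent process are illustrative and not stated in the article.

```python
import ntpath

# Standard Windows locations of the two file names the article mentions.
LEGIT_DIRS = {
    "taskmgr.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}
# Assumption: %TEMP% resolves to a default per-user or system temp directory.
TEMP_MARKERS = (r"\appdata\local\temp", r"\windows\temp")
# Assumption: the dropped file is started by Word when the document is opened.
DOC_PARENTS = {"winword.exe"}


def classify(event):
    """Return None for a benign event, else a finding dict with severity and reasons."""
    image = ntpath.normpath(event["image"]).lower()
    directory, name = ntpath.split(image)
    if name not in LEGIT_DIRS or directory in LEGIT_DIRS[name]:
        return None
    reasons = ["system binary name outside its system directory"]
    if any(marker in directory for marker in TEMP_MARKERS):
        reasons.append("image runs from a temp directory")
    parent = ntpath.basename(event.get("parent_image", "")).lower()
    if parent in DOC_PARENTS:
        reasons.append("parent process is Word")
    severity = "high" if len(reasons) > 1 else "medium"
    return {"image": event["image"], "severity": severity, "reasons": reasons}


def scan(events):
    """Classify every event and keep only the findings."""
    return [f for f in map(classify, events) if f is not None]


# Constructed process-creation events (not taken from any real incident).
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\Taskmgr.exe", "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Users\alice\AppData\Local\Temp\taskmgr.exe",
     "parent_image": r"C:\Program Files\Microsoft Office\Office16\WINWORD.EXE"},
    {"image": r"C:\Windows\explorer.exe", "parent_image": r"C:\Windows\System32\userinit.exe"},
    {"image": r"C:\Users\bob\Downloads\explorer.exe", "parent_image": r"C:\Windows\explorer.exe"},
    {"image": r"C:\Users\bob\AppData\Local\Temp\setup.exe", "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding["severity"], finding["image"], "; ".join(finding["reasons"]))
```

The same logic can be expressed as a rule over Sysmon Event ID 1 or EDR process telemetry, mapping `image` and `parent_image` to the corresponding fields of that source.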

