Skip to main content

New Ransomware Targets PayPal Users: What to Know

A new strain of encrypting ransomware adds insult to injury by letting you pay with PayPal -- and then tries to steal your personal details, your credit card number and your PayPal password.

Credit: ymgerman/Shutterstock

(Image credit: ymgerman/Shutterstock)

Spotted by the personnel at MalwareHunterTeam and first reported by Bleeping Computer, the ransomware itself is nothing special, except that it gives you the option of paying with a credit card via PayPal as well as the more traditional (as far as ransomware is concerned) Bitcoin choice.

But you're not really paying with PayPal. If you click on the ransom note's PayPal option, it takes you to a very well-done fake PayPal page that politely asks you to fill in first your credit card details, then your full name, address and date of birth, and finally your PayPal registered email address and password.

Note that if you are using the real PayPal, you should never be asked your date of birth.

In its Twitter feed, MalwareHunterTeam wondered aloud about what the ransomware creators were thinking.

"'If one gets infected with ransomware, maybe he will be enough smart to fall to the phishing too?' Or maybe 'It's the end of 2018, and no one did ransomware & phishing combination yet, time to do it!'?"

In any case, if you do run across this nasty new piece of ransomware, MalwareHunterTeam's Michael Gillespie has decryption keys that will free your files.