Picus Security Warns of Cryptolocker Ransomware Disguised as Turkcell Invoice
A new cyber threat observed by Picus Security uses fake Turkcell invoices to distribute Cryptolocker ransomware. The attack aims to trick users into clicking malicious payment links and downloading infected files.

Cybersecurity firm Picus Security has identified a new, high-risk cyber threat in which the Cryptolocker ransomware is distributed disguised as invoices from Turkcell, Turkey's largest mobile operator. The attack wave, first observed on June 30th, lures victims by presenting an urgent, high invoice balance and prompting them to click fake payment links embedded in emails.
These emails mimic Turkcell's billing information. Upon clicking the embedded link, users are redirected to fraudulent websites, such as iturkcell.net and turkcell-efatura.com, which closely resemble Turkcell's legitimate online presence.
Victims who proceed to enter the requested security codes on these fake sites are prompted to download an "invoice zip" file. This archive contains the Cryptolocker ransomware. Picus Security updated its threat intelligence database on July 2nd, 2015, incorporating multiple attack vectors associated with this threat, including four domains and two variants of the ransomware in ZIP and EXE file formats.
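The two delivery stages described above, a brand-lookalike link and a ZIP carrying an executable, can both be checked at the mail gateway. The following is an added example, not Picus Security's code: the allowlist entry `turkcell.com.tr`, the extension list beyond EXE, the function names, and the sample message are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from urllib.parse import urlsplit

BRAND_TOKEN = "turkcell"
# Assumption: allowlist of the operator's genuine domains; maintain your own.
LEGIT_DOMAINS = {"turkcell.com.tr"}
# EXE is the format named in the article; the other extensions are added assumptions.
EXEC_EXTS = (".exe", ".scr", ".pif", ".js")
URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)


def is_legit_host(host):
    """Exact match or true subdomain of an allowlisted domain (not a substring test)."""
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def brand_lookalike_links(body):
    """Return URLs that use the brand name but whose host is not allowlisted."""
    hits = []
    for url in URL_RE.findall(body):
        try:
            parts = urlsplit(url)
        except ValueError:
            continue  # malformed URL, nothing to classify
        host = (parts.hostname or "").rstrip(".")
        # netloc includes any userinfo, so "brand@other-host" tricks are seen too.
        if BRAND_TOKEN in parts.netloc.lower().replace("-", "") and not is_legit_host(host):
            hits.append(url)
    return hits


def zip_executables(data):
    """List executable-looking member names in a ZIP attachment given as bytes."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXEC_EXTS)]
    except zipfile.BadZipFile:
        return []


# Constructed sample message; the first two hosts are the ones named in the article.
SAMPLE_BODY = """Pay your invoice: http://iturkcell.net/pay?id=1
Details: http://turkcell-efatura.com/invoice
My account: https://www.turkcell.com.tr/account
Mirror: https://turkcell.com.tr.billing.example/pay"""

if __name__ == "__main__":
    for u in brand_lookalike_links(SAMPLE_BODY):
        print("lookalike:", u)
```

The suffix comparison in `is_legit_host` is what catches the last sample link, where the genuine domain appears only as a subdomain label of another host.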
Picus Security offers its clients the ability to test their network security systems against such threats. Its platform maintains an up-to-date cyber-attack database, allowing organizations to assess their resilience against Cryptolocker and over 1,000 other high-risk cyber threats. The company suggests that interested parties contact it for a demonstration of the platform's capabilities.