Security vendor PhishMe has warned corporate employees using Dropbox to take extra precautions to avoid becoming a victim of a phishing attack in wake of new data that cybercriminals are sending out emails with malicious links on the popular file-sharing service.

PhishMe has uncovered evidence of a new ZIP file on Dropbox containing a screensaver, which is actually a ransomware similar to CryptoLocker. The users are tricked into clicking on the link through disguises, so that the link appears to point to an invoice or a fax report or message.

As soon as the user clicks on the link to the ZIP file, the screensaver file inside launches the malware that encrypts files on the user’s hard drive.

The user will then receive a page on their default browser with a demand of $500 in Bitcoins as ransom in the criminals’ electronic wallet, which doubles to $1, 000 after a certain amount of time has lapsed. The ransom demand and payment transactions are conducted over the Tor anonymity network.

About 20, 000 files are estimated to have been encrypted till now, which include documents, archive files, executables and JPEGs.

A random examination of three of the attackers’ wallets by PhishMe has revealed collection of at least $62,000 in ransom payments.
PhishMe’s employees also received the phishing emails, post which, it discovered the scam.