Our advanced threat intelligence activity has uncovered a ransomware campaign using fake FCI (Food Corporation of India) job offers as bait. Through immediate intervention, we've ensured the resilience and security of your organization's digital environment. To bolster our defenses, we've analyzed this malware and developed comprehensive use cases to prevent future occurrences across various contexts. We extend our sincere gratitude to our dedicated cybersecurity team for their unwavering commitment and expertise in safeguarding our systems through cutting-edge cybersecurity and cyber defense services.
A recent ransomware campaign has come to light, one that relies on fake Food Corporation of India (FCI) job offers to trick unsuspecting individuals. The attackers craft convincing recruitment documents that look legitimate—complete with vacancy details, eligibility criteria, and exam processes—while secretly embedding malicious payloads. When opened, these documents execute hidden code that unleashes a multi-stage attack designed to bypass detection and compromise systems.
At the core of this campaign is a PyInstaller-based executable disguised as a job notification file. Once activated, it unpacks into multiple Python-compiled components capable of monitoring system activity and establishing stealthy network connections. The ransomware eventually connects to a remote command-and-control server, using everyday platforms to disguise malicious traffic. From there, attackers gain the ability to issue commands for privilege escalation, credential theft, screen manipulation, webcam access, forced shutdowns, and ultimately, data encryption. In more destructive variants, it can even damage the system’s master boot record, leaving devices inoperable and demanding cryptocurrency payments to restore access.
This case illustrates how cybercriminals are evolving—blending social engineering with multi-layered technical sophistication. While many of the tactics are designed to evade traditional defenses, our cybersecurity framework is always updated with these emerging threats. We have already uploaded this ransomware case into our system, developing detailed use cases and defense strategies to ensure our clients are protected against similar attacks across different scenarios.
Our cybersecurity team remains vigilant and proactive, ensuring that every new discovery is translated into actionable insights and protective measures. Their commitment means that even as attackers become more creative, your organization’s digital environment remains resilient, secure, and prepared for the unexpected.
Inovasys, founded in 2014, has been a leader in providing advanced technology solutions. By 2020, it became known as a service provider. The company aims to be the best partner for businesses looking to improve their operations with digital technology.