Computer Emergency Response Team of Mauritius (CERT-MU)

Major Malspam Campaign Pushing Locky Ransomware Via Spoofed Internal Email Addresses


Security researchers have discovered a large malspam campaign that uses spoofed email addresses to infect recipients with Locky ransomware. About 20 million attacks have already been detected. Initial analysis suggests that the bot behind the campaign can generate fake sender addresses that make the email look as if it is arriving internally from the recipient's own organization. Recipients are therefore more likely to trust the message and click on it. The emails come with a 7-zip attachment that purports to be documentation related to a business payment, but actually contains a malicious JavaScript file. Concealing .JS malware inside an archive file is a tactic that has been observed in a recent wave of Locky malspam campaigns.
The subject line of the malspam emails includes a date followed by a random number, which is also characteristic of the recent Locky attacks. After further analysis, security researchers have officially confirmed that the malware belongs to the Locky family.
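As an added illustration (not code from CERT-MU or the cited researchers), the following mail-gateway triage check flags the three traits described above: a sender in the recipient's own domain that failed authentication, a date-plus-number subject, and a 7-zip or zip attachment. The subject pattern, the reliance on a gateway-written `Authentication-Results` header, the `example.org` domain, and all function names are assumptions.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

ARCHIVE_EXT = (".7z", ".zip")
# Assumed shape of "a date followed by a random number"; the advisory gives no exact format.
SUBJECT_RE = re.compile(r"\b\d{1,4}[./-]\d{1,2}[./-]\d{1,4}\b\D{0,3}\d{3,}")

def domain_of(header_value):
    """Lower-cased domain of the address in a From-style header, or ''."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def campaign_traits(raw, org_domain):
    """Return which of the advisory's three traits a raw message shows."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    # Assumption: the receiving gateway writes Authentication-Results itself
    # and strips any copy supplied by the sender.
    auth = (msg.get("Authentication-Results") or "").lower()
    if domain_of(msg.get("From")) == org_domain.lower() and "dmarc=pass" not in auth:
        hits.append("own-domain-sender-unauthenticated")
    if SUBJECT_RE.search(msg.get("Subject") or ""):
        hits.append("date-number-subject")
    if any((p.get_filename() or "").lower().endswith(ARCHIVE_EXT)
           for p in msg.iter_attachments()):
        hits.append("archive-attachment")
    return hits

def build_sample(sender, subject, attachment=None, auth="dmarc=fail"):
    """Constructed test message; every value here is made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "alice@example.org", subject
    m["Authentication-Results"] = f"mx.example.org; {auth}"
    m.set_content("Payment documentation attached.")
    if attachment:
        m.add_attachment(b"placeholder", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()

if __name__ == "__main__":
    spoof = build_sample("Accounts <accounts@example.org>", "01.02.2020 48213", "payment.7z")
    print(campaign_traits(spoof, "example.org"))
```

A message matching all three traits is a candidate for quarantine; a single trait on its own, such as an archive attachment, is common in legitimate mail.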
Source:
SC Magazine
Team Cymru
Contact Information
Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis