Analyse vonCedrick Ramos

The Locky ransomware spam campaign appears to be in full force as we find not just one but two new samples of Locky-ridden spammed mails in this report. The first one arrives with the subject 'Emailed Invoice - [Random Number]' while the second one comes with the subject 'New Doc [yyyy-mm-dd] - Page [Random Number]' - subjects brief and terse enough that anyone unware might mistake them as casual business communication and thus legitimate. Both also arrive with zipped archive attachments, which when opened will trigger ransomware infection. Trend Micro customers are protected against this very threat, from the spammed mail to the malicious attachments themselves. 

Users are once more reminded to avoid clicking on suspicious links and file attachments, especially when they come from unknown mail senders.
 Spam gesperrt am/um:: 03 Oktober 2017 GMT-8
 TMASE
  • TMASE Engine::8.0
  • Patrón TMASE: 3370