Bogus Debt Invoice Mail Leads to TeslaCrypt Ransomware

 Analysis by: Catherine Loveria

Subject: Your Account has a debt and is past due

We found spam emails that use the subject "Your account has a debt and is past due" as a social engineering lure. The email has an attachment that supposedly contains information about the customer's case. When unsuspecting users open the attached .DOC file, a macro embedded in the document triggers the download of a ransomware variant. Trend Micro detects this as W2KM_CRYPTESLA.CQ.

We recommend that users be vigilant when opening emails such as this one. Verify the validity of the email before executing any attachment. We also suggest installing security software that can detect spam emails as well as malicious files.
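As an added illustration (not part of the original analysis and not Trend Micro's detection logic), the following mail-triage sketch flags messages that match the lure subject and carry a legacy Word attachment containing a VBA project. The attachment name `case_info.doc`, the addresses, and the sample bytes are constructed placeholders; the macro check is a simple heuristic that looks for the `_VBA_PROJECT` stream name inside an OLE2 container.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")   # header of legacy .doc/.xls containers
VBA_STREAM = "_VBA_PROJECT".encode("utf-16-le")  # directory entry present when VBA macros exist
LURE = re.compile(r"account has a debt and is past due", re.I)  # subject from this advisory


def triage(raw: bytes) -> list[str]:
    """Return the reasons a message should be quarantined (empty list = none)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if LURE.search(str(msg["Subject"] or "")):
        reasons.append("subject-lure")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Judge by content, not by file extension: OLE2 magic plus a VBA stream.
        if data.startswith(OLE2_MAGIC) and VBA_STREAM in data:
            reasons.append(f"macro-document:{name}")
    return reasons


def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Constructed test message; the attachment is placeholder bytes, not a real document."""
    m = EmailMessage()
    m["From"] = "billing@example.com"      # placeholder address
    m["To"] = "user@example.com"           # placeholder address
    m["Subject"] = subject
    m.set_content("Please see the attached case details.")
    m.add_attachment(payload, maintype="application",
                     subtype="msword", filename=filename)
    return m.as_bytes()


# Constructed byte strings that only mimic the markers the heuristic looks for.
SAMPLE_MACRO_DOC = OLE2_MAGIC + b"\x00" * 64 + VBA_STREAM + b"\x00" * 64
SAMPLE_PLAIN_DOC = OLE2_MAGIC + b"\x00" * 128

if __name__ == "__main__":
    raw = build_sample("Your Account has a debt and is past due",
                       "case_info.doc", SAMPLE_MACRO_DOC)
    print(triage(raw))
```

A message that trips both checks is a strong quarantine candidate; a macro-bearing document under any other subject is still flagged, since the lure text can change between spam runs.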

 SPAM BLOCKING DATE / TIME: December 16, 2015 GMT-8
 TMASE INFO
  • ENGINE:8.0
  • PATTERN:2006