Voice Message Malspam Arrives With Locky Ransomware

 Analysis by: Cedrick Ramos

Fake voicemail email notifications with malicious attachments and/or links appear to be in vogue with cybercriminals today, as our engineers have begun to receive samples of this type of spam campaign. Upon further analysis, each one leads to a ransomware infection, specifically Locky ransomware.

The spam arrives as follows: it notifies the reader that they've been left a voicemail by an unidentified source, and that they should check it out once they have the time. The mail then directs them either to a link where they can do just that, or to an archive file attached to the mail itself where they can supposedly listen to the voicemail. Of course, clicking either the link or the attachment exposes the user to Locky ransomware, which may compromise the user's system and the files stored on it.

All the aspects of this particular spam campaign, from the spammed mail variants to the payload and links, have been identified and blocked by our solutions. Trend Micro customers are protected from all elements in this spam campaign.

Users are once again reminded to never click on suspicious emails and the links/attachments that come with them.

SPAM BLOCKING DATE / TIME: September 21, 2017 GMT-8
TMASE INFO
  • ENGINE: 8.0
  • PATTERN: 3344