Fake Amazon Emails Contain Locky Ransomware

 Analysis by: Johnliz Frederick Ortiz

During the holiday season, people become more active in online shopping. Cybercriminals see this as an opportunity to ride the hype and take advantage of the situation. In this case, an email claiming to be from Amazon is sent to users. The email has an attached file that supposedly contains delivery information. However, the attached file is actually malicious.

The zip file attached to the email contains a variant of LOCKY Ransomware. If the file is unzipped and opened, LOCKY encrypts most of the user's files and asks for ransom. Users affected by this malware may not be able to open any encrypted file and would be coerced into paying the ransom.

Because people usually shop online during this season, users may think that the email is legitimate. Spammers often spoof the names of trusted companies to make their emails more convincing.

To avoid downloading malware through spam, avoid downloading any attachment or clicking on links in the email. 

Trend Micro customers are protected from all elements of this threat.
  • SPAM BLOCKING DATE / TIME: November 24, 2016 GMT-8
  • PATTERN: 2720