We have observed a recent spike in spam in Russian language. The spammed message delivers a SHADE ransomware variant via embedded link in the attached .PDF. Upon investigation, this campaign used compromised websites in the .PDF. When accessed, it downloads the archive file. The attached .PDF looks like the following:
The URLs which the malware connects to may have any of the following:
The downloaded ransomware is detected as TROJ_FRS.VSN0FB19. Users are advised to carefully check unsolicited emails and always exercise caution before opening any attachments or clicking on URLs to avoid being infected with malware. Trend Micro users are already protected from these spam emails. Recipients of this spam are advised to ignore them.
SPAM BLOCKING DATE / TIME: February 13, 2019 GMT-8