Locky campaign uses fake ISP complaints to deliver malware

Nov 23, 2016 | 6:05 pm

Published by | Chandan Singh


In a new twist on the long-running battle between ISPs and spam operators, a security researcher found a new malware campaign sending email messages that masquerade as ISP complaints claiming the recipients' computers have been detected sending spam.

The campaign infects victims with the Locky ransomware via weaponized email attachments that claim to contain logs of fake emails sent by the recipient, according to the My Online Security blog. The ransomware campaign mostly targets small and medium-size businesses (SMBs). The campaign initially used the .THOR file extension, according to Bleeping Computer founder Lawrence Abrams. My Online Security owner Derek Knight uncovered the campaign, Abrams wrote.

Shortly after the malicious campaign was disclosed, My Online Security published an update stating that Locky had switched to the .AESIR extension for encrypted files. Earlier this year, My Online Security uncovered an "almost impossible to detect" PayPal phishing campaign that stole login credentials.

Source: scmagazine.com