A week after the appearance of the spam campaign, during which criminals simultaneously distributed two extortion programs – Locky and FakeGlobe, security researchers from Trend Micro recorded a new massive spam mail containing Locky extortion software.The number of malicious emails has already overcome the mark of several million.

As part of the campaign, Locky operators use several types of spam emails.The first is a forged letter allegedly from the company Herbalife International with an attachment in the form of an archive, disguised as a receipt.The second type of message also uses an archive to deliver malicious software, but in the sender’s column is simply a “copier” without any additional information in the text of the message.The third type of mail is masked by the notification of the voice mail service.

(Cyber Security Services in India, Ethical Hacking Training Companies in India)

All letters contain an archive with the extension .7z.In the archive there is a malicious VBS script that, when executed, downloads the Locky extortion software onto the user’s computer.

According to researchers, Chile, Japan, India and the United States have become the main targets of attacks by intruders.The share of Russia on average accounted for 6% of the total number of attacks.

While the functionality of Locky remains unchanged, the scale of attacks and the speed of distribution of extortion software indicate the particular effectiveness of spam as a method of delivery of extortion programs, the researchers note.