MALWARE SPAM: Multiple subjects and attachments deliverid Locky ransomware

Loads and loads of Locky ransomware emails overnight  with varying subjects all  pretending to come from  random senders  with either  zip attachments or word doc macro attachments.

They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Some of these as usual appear to come from your own email addres

Some of the subjects seen include:

• Your .pdf document is attached
• Re:
• Hedy Castaneda
• Dara Keith

One of the  emails with a word doc attachment looks like:

From: Dara Keith <admin@hk-mst.com>

Date: Tue 17/05/2016 04:49

Subject: Dara Keith

Attachment: 706-d4390-lncnvy.dotm

Body content:

Hello

Please find the report attached to this message. The Payment should appear in 1-2 days.  

Dara Keith

Alternative body content

Please review the report attached to this email. The Transfer will be posted within one day.  

Best regards

Sandra Kline

Or

Please review the document attached to this email. The Payment will be posted in 2 days.  

Kindest regards

Aurora Holland

Or

Greetings

Please check the report attached to this email. The Transfer will be posted in 2 days.  

Maia Peterson

These malicious attachments normally have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP ( web space) log in credentials. Many of them are also designed to specifically steal your Facebook and other social network log in details. A very high proportion are Ransomware versions that encrypt your files and demand money ( about £350/$400) to recover the files.

All the alleged senders, amounts, reference numbers, Bank codes, companies, names of employees, employee positions, email addresses and phone numbers mentioned in the emails are all random. Some of these companies will exist and some won’t.  Don’t try to respond by phone or email, all you will do is end up with an innocent person or company who have had their details spoofed and picked at random from a long list that the bad guys have previously found. The bad guys choose companies, Government departments and organisations  with subjects that are designed to entice you or alarm you into blindly opening the attachment or clicking the link in the email to see what is happening.