This generic email with the subject of “Invoice Due” coming from help@simplexhealthcare.info with a malicious password protected word doc attachment does eventually deliver some sort of malware. Recently password protected word docs have been delivering some sort of Ransomware frequently Hermes Ransomware via Azorult intermediate download. This is probably Azorult on the first stage, based on the file name azo.exe but I can’t see any encryption happening using the online sandboxes. It probably is Hermes ransomware based on the file names. These criminals don’t tend to be very original. The details in this campaign do match the details shown in this … Continue reading →