Voice Message from Outside Caller (3m 54s) Peach Telecom delivers #Locky /#Zepto

An email with the subject of Voice Message from Outside Caller (3m 54s) [random length] pretending to come from Peach Telecom <peach_necsv06@hotmail.com> (random number after peach_necsv) with a zip attachment which downloads Locky / Zepto ransomware. They use email …


Zepto Evasion Techniques

We’ve been tracking some more spam dropping Zepto ransomware variants. As in earlier posts, we’re seeing infected attachments with malicious macro scripts used as the entry point for the threat actor. (See images below of some recent spam samples.) As we dug deeper into our analysis, we found that these macro scripts are not crafted […]

The post Zepto Evasion Techniques appeared first on ThreatTrack Security Labs Blog.


Vigor2820 Series New voice mail message from random telephone number on 2016/08/23 21:01:59 delivers Locky /Zepto ransomware

Today’s Locky / Zepto ransomware malspam emails have come steadily in waves all day long. There have been 2 distinct subjects and themes: one pretending to be a voice message from your own email domain or company, with the second pretending …


Donoff Macro Dropping Ransomware

Recently, we’ve spotted Zepto ransomware spreading through spam email containing fake invoices (see image below). These attachments contain a macro-enabled Word document file known as Donoff, which downloads the Zepto executable that encrypts all your files and later asks for payment for the decryption key. We decided to take a closer look at the Donoff […]

The post Donoff Macro Dropping Ransomware appeared first on ThreatTrack Security Labs Blog.


Another malspam word doc pretending to come from your own email address delivers Locky / zepto ransomware

An email with the subject of FW: Documents Requested pretending to come from a random name at your own email domain with a malicious Word doc attachment is another Locky / Zepto ransomware dropper. They are using email addresses and subjects that …


Zepto Ransomware Packed into WSF Spam

ThreatTrack Labs has recently observed a surge of spam containing a zip attachment with a WSF (Windows Scripting File) to deliver Zepto ransomware. This tactic is a change from the common JavaScript and macro documents being spammed previously. Here are actual emails featuring familiar social engineering tactics: The zip attachments contain the WSF. An Interactive […]

The post Zepto Ransomware Packed into WSF Spam appeared first on ThreatTrack Security Labs Blog.
