Increased Ransomware Attacks Using Email and PDF Files
The campaign sends two variants of email to recipients. One has no text in the body. The other includes text consistent with what you might expect from an email that contains payment invoices, receipts or scanned images, according to Baisini. In both cases, subject lines include either the word “Payment” or “Receipt” followed by “#” and numbers – for example, “Receipt#272”. Filenames of the malicious attachments are customized based on the recipient’s email address.
The emails carry a malicious PDF document with a Word document embedded inside, researchers say. Once opened, the PDF asks the victim for permission to open the Word document. That Word document then asks the victim for permission to run an XOR’d macro that pulls down a malware dropper file. Once Locky is downloaded, it encrypts files on the host computer.
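A mail-triage sketch for the traits described above, added here as an example and not code from the researchers or the article. The function names, the tolerance for a space around “#”, and the choice of the PDF names /EmbeddedFile(s) and /Filespec as the sign of an embedded document are assumptions of this example; the sample messages are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject pattern from the article: "Payment" or "Receipt", then "#" and digits.
SUBJECT_RE = re.compile(r"\b(?:Payment|Receipt)\s?#\s?\d+\b", re.IGNORECASE)
# PDF name tokens that mark a file attached inside the PDF (assumed heuristic).
EMBED_RE = re.compile(rb"/(?:EmbeddedFiles?|Filespec)\b")


def decode_pdf_names(data: bytes) -> bytes:
    """Undo #xx hex escapes so /Embedded#46ile is seen as /EmbeddedFile."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), data)


def triage(raw: bytes) -> dict:
    """Report which traits described in the article a raw message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    pdfs = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Trust the magic bytes, not the declared type or file extension.
        if (data.lstrip().startswith(b"%PDF-")
                and EMBED_RE.search(decode_pdf_names(data))):
            pdfs.append(part.get_filename() or "(unnamed)")
    subject_match = bool(SUBJECT_RE.search(msg["Subject"] or ""))
    return {"subject_match": subject_match,
            "pdf_with_embedded_file": pdfs,
            "suspicious": subject_match and bool(pdfs)}


def build_sample(subject: str, pdf: bytes) -> bytes:
    """Constructed test message; addresses and file name are placeholders."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, "a@example.com", "b@example.com"
    m.set_content("See attached.")
    m.add_attachment(pdf, maintype="application", subtype="pdf",
                     filename="sample.pdf")
    return m.as_bytes()


# Constructed, inert PDF skeletons (no real payload).
PDF_EMBED = b"%PDF-1.5\n1 0 obj\n<< /Names << /Embedded#46iles 2 0 R >> >>\nendobj\n"
PDF_PLAIN = b"%PDF-1.5\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"

if __name__ == "__main__":
    print(triage(build_sample("Receipt#272", PDF_EMBED)))
    print(triage(build_sample("Receipt#272", PDF_PLAIN)))
```

PDF names stored inside compressed object streams are not visible to this byte scan, so a negative result is inconclusive rather than a clean verdict.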