Enciclopedia de amenazas

Fake invoice email with Html attachment spreads Locky ransomware

Publish date: septiembre 09, 2017

Análisis realizado por:

John Kevin Adriano


An email with the subject 'Emailed Invoice - [random_number]' using a random name claiming to be from the recipients domain is spreading Locky ransomware.

The spam campaign uses a new technique to deliver ransomware through an attached html file. When the html file is clicked, it displays a page that says 'Your file is downloading. Please wait...' and will download a malicious executable file.

Given that most ransomware is spread via spam, Trend Micro users are shielded from these kinds of attack. Spam filtering and gateway solutions prevent emails with malicious attachments from making their way into the user's inbox.
Fecha/hora de bloqueo del spam: 09 sep 2017 12:00:00 GMT-8
TMASE Information

  • Motor TMASE: :
  • Patrón TMASE: :3318

Redes sociales

Conecte con nosotros en