New Locky Ransomware Spotted in the Brazilian Underground Market, Uses Windows Script Files
released on 2016-08-15 @ 05:59:59 PM
For the entry point, this Locky variant uses spam emails with .ZIP file attachments that contain WSF files. Given email subject lines such as “bank account record”, “annual report” and “company database”, we believe that attackers are possibly targeting companies. We also noticed that most of these spammed emails were sent between 9 a.m. and 11 a.m. (UTC), a time when employees in European countries are starting their day at work. In addition, our data showed a high volume of spam runs on weekdays and a decreased volume on weekends.
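A mail-gateway style check for the delivery pattern described above, as an added example that is not from the original article: it opens each ZIP attachment of a message and reports archive members ending in .wsf. The function names, the sample message and its addresses are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: only .wsf is taken from the article; extend the tuple per local policy.
FLAGGED_EXTENSIONS = (".wsf",)

def flagged_members(data):
    """Return names of ZIP members whose extension is flagged (case-insensitive)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(FLAGGED_EXTENSIONS)]
    except zipfile.BadZipFile:
        return []

def scan_message(raw):
    """Map each ZIP attachment's filename to the flagged members it contains."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        # Decide by content, not by the attachment's name or declared MIME type.
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        hits = flagged_members(payload)
        if hits:
            findings[part.get_filename() or "<unnamed>"] = hits
    return findings

def build_sample(member_name):
    """Constructed test message: a ZIP attachment holding one inert text member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "inert placeholder content")
    msg = EmailMessage()
    msg["Subject"] = "annual report"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="annual_report.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample("annual_report.wsf")))
```

The check reads only the archive's member list, so it does not extract or execute anything. ZIP files nested inside the attachment are not opened.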