Researchers from F-Secure reported a massive spike in spam delivering the Locky cryptoransomware, with 120,000 spam emails going out per hour on June 12.
The jump came after what had been a slow June. The campaign distributing Locky gathered speed during the first week of July, growing from the usual 4,000 to 10,000 spam hits per day and increasing to 30,000 per hour at times, for a daily total of around 120,000. However, on June 12 this popped to 120,000 or more emails being sent per hour, 200 times the usual number, F-Secure reported in a blog.
This amount was generated by two separate Locky campaigns.
“The two campaigns were distributed simultaneously, and they initially spiked yesterday afternoon at 2pm (here in Helsinki), and a second time around midnight,” F-Secure researcher Päivi Tynninen wrote.
In the first campaign, the subject line contained only “Fw:”, with an attached zip file named xls.convert_recipientname_randomnumber.zip. The body had a note insinuating that the attachment was a requested invoice. If opened, the attachment would download a JScript file and execute Locky.
The second campaign had “Profile” in the subject line and a zip attachment labeled recipientname_profile_randomnumber.zip, which again contained Locky.
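As an added illustration (not code from F-Secure or from this article), the following Python function flags messages that match the subject and attachment-name patterns of the two campaigns described above. It assumes that "recipientname" is the local part of a To: address and that "randomnumber" is a run of decimal digits; classify, build_sample and the sample addresses are constructed for the example.

```python
import re
from email.message import EmailMessage
from email.utils import getaddresses

def classify(msg):
    """Return 'fw-invoice', 'profile' or None for an email.message object."""
    subject = str(msg.get("Subject", "")).strip().lower()
    to_headers = [str(h) for h in msg.get_all("To", [])]
    # Assumption: "recipientname" is the local part of a To: address.
    local_parts = {addr.split("@")[0].lower()
                   for _, addr in getaddresses(to_headers) if "@" in addr}
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        for lp in local_parts:
            r = re.escape(lp)
            # Assumption: "randomnumber" is a run of decimal digits.
            # Campaign 1: subject is exactly "Fw:".
            if subject == "fw:" and re.fullmatch(
                    rf"xls\.convert_{r}_\d+\.zip", name):
                return "fw-invoice"
            # Campaign 2: "Profile" appears in the subject.
            if "profile" in subject and re.fullmatch(
                    rf"{r}_profile_\d+\.zip", name):
                return "profile"
    return None

def build_sample(subject, to, filename):
    """Constructed test message; the attachment bytes are a harmless stub."""
    msg = EmailMessage()
    msg["Subject"], msg["To"] = subject, to
    msg.set_content("Please find the requested invoice attached.")
    msg.add_attachment(b"stub", maintype="application", subtype="zip",
                       filename=filename)
    return msg

if __name__ == "__main__":
    samples = [  # constructed samples, not real campaign mail
        ("Fw:", "alice@example.com", "xls.convert_alice_48213.zip"),
        ("Profile", "bob@example.com", "bob_profile_7731.zip"),
        ("Fw: Q2 numbers", "alice@example.com", "report.zip"),
    ]
    for subj, to, fname in samples:
        print(fname, "->", classify(build_sample(subj, to, fname)))
```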