The campaign infects victims with the Locky ransomware via weaponized email attachments that claim to contain logs of spam emails sent by the email recipient.
The campaign infects victims with the Locky ransomware via weaponized email attachments that claim to contain logs of spam emails sent by the email recipient.

In a new twist that plays on the long-time battle between ISPs and spam operators, a security researcher found a new malware campaign sending emails that masquerade as ISP complaints claiming recipients' computers have been detected sending spam.

The campaign infects victims with the Locky ransomware via weaponized email attachments that claim to contain logs of spam emails sent by the email recipient, according to the My Online Security blog. The ransomware campaign primarily targets small and medium size businesses (SMB).

The campaign initially used the .THOR file extension, according to Bleeping Computer founder Lawrence Abrams. My Online Security owner Derek Knight discovered the campaign, Abrams wrote.

Soon after the malicious campaign was disclosed, My Online Security published an update stating that Locky had switched to the encrypted file extension .AESIR.

Earlier this year, My Online Security discovered an “almost impossible to detect” PayPal phishing campaign that stole login credentials.