Application security, Threat Management, Malware, Phishing, Ransomware

Major malspam campaign pushing Locky ransomware via spoofed internal email addresses

A large malspam campaign using spoofed email addresses has attempted to infect recipients with Locky ransomware in roughly 20 million detected attacks since Tuesday, researchers from Barracuda Networks have reported.

According to Fleming Shi, Barracuda's senior vice president of advanced technology engineering, it appears that the bot behind the campaign is able to generate fake email addresses that make it look as if the offending email is arriving internally from the recipients' own organization. "This makes it a little more likely people will click on it," said Shi, speaking with SC Media.

In a blog post published on Thursday, Barracuda states that the emails come with a 7-zip attachment that purports to be documentation related to a business payment, but actually contains a malicious JavaScript file. Originally, Barracuda did not specify which ransomware family the malware belongs to, but it did note that the zip archive file concealed malicious .JS malware, a tactic that has been observed recently in a recent wave of Locky malspam campaigns, fueled by the Necurs botnet.

Another clue: the malspam emails' subject line includes a date, followed by a random number, which is also characteristic of the recent Locky attacks. Indeed, after further analysis, Barracuda is now officially confirming that the malware is in the Locky family. 

Shi told SC Media that the volume of attacks diminished on Thursday after peaking on Wednesday, but the campaign still continues as of the writing of this article.

"We advise against making payment to ransomware criminals because this doesn't guarantee the decryption of your files and it encourages them to target you again in the future," Barracuda advises in its blog post.

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.