The attack campaign delivers crypto-locking Locky ransomware through emails made to look like they come from Dropbox.
Some spam contains links to infected sites, while other messages carry malicious attachments.
Not all of the Locky spam emails arrive with malicious attachments; some are designed as phishing attacks that redirect users to real-looking but malicious sites, in this case sites spoofing Dropbox.
An e-crime specialist at CSIS Security Group in Denmark says some emails related to this ransomware campaign are skinned to look like they’ve come from Dropbox. Some will attempt to trick recipients into clicking on a “verify your email” link.
The dropbox.html file that loads is designed to look like the legitimate Dropbox site. Clicking on a link can result in a zipped attack file being downloaded.
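A mail-filter style check for the lure described above, as an added example (not code from this article or from MailSafe): it flags links in a Dropbox-branded HTML message that lead to a non-Dropbox host. The trusted-domain list, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains treated as genuinely Dropbox-owned; extend as needed.
TRUSTED = ("dropbox.com",)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join("".join(self._text).split())))
            self._href = None

def is_trusted(host):
    # Exact match or true subdomain only; "dropbox.com.evil.test" must not pass.
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def score_message(from_display, html_body):
    """Return [(href, reasons)] for links matching the spoofed-Dropbox lure."""
    parser = LinkCollector()
    parser.feed(html_body)
    branded = "dropbox" in from_display.lower() or "dropbox" in html_body.lower()
    findings = []
    for href, text in parser.links:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https") or is_trusted(parts.hostname):
            continue
        reasons = []
        if branded:
            reasons.append("dropbox-branded mail links to non-Dropbox host")
        if "verify your email" in text.lower():
            reasons.append("'verify your email' lure text")
        if parts.path.lower().endswith("dropbox.html"):
            reasons.append("landing page named dropbox.html")
        findings.append((href, reasons)) if reasons else None
    return findings

# Constructed sample message; example.test is a reserved, non-routable name.
SAMPLE = ('<p>Please <a href="http://files.example.test/x/dropbox.html">Verify your '
          'email</a> or see <a href="https://www.dropbox.com/help">help</a>.</p>')
```
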
INC Tech’s MailSafe email filter successfully protected clients from this campaign.
MailSafe: The MailSafe Email Security Solution & Email Filter.
INC Technologies’ MailSafe defends against emerging threats, assures continuous email stream flow, protects against data loss and helps fulfill regulatory compliance, while assuring the fast, accurate delivery of business-critical email.