Security researchers are warning users of a spike in spam emails containing a variant of the infamous Locky ransomware, known as Zepto. Cisco’s Talos team spotted 137,731 emails in just four days, containing over 3300 unique samples, according to technical lead.
“The email attack vector will continue to be used as email is an everyday occurrence now and the ability to generate large lists of emails for spam campaigns like this is growing easier. The breaches which occur include email data which is actively sold to bidders on the underground for this type of campaign,” said Mercer.
“Ensuring users are careful with email attachments, like the ones used in this campaign, will help in an attempt to null the effects of this and further spam campaigns. Talos recommend you ensure you have a good backup strategy should you be hit with ransomware and we strongly advise that payment is never made to these actors.”
Meanwhile, the Locky ransomware continues to evolve, causing devastation to individuals and businesses as it goes. When it first burst onto the scene earlier this year, the botnet distributing it was shown to be the same one spreading Dridex banking malware. In March, FireEye noted a sharp spike in Locky spam, with users impacted in over 50 countries.